I am trying to use Kong OIDC with Keycloak 19.0.3 to secure my app, and this is my Dockerfile:
```dockerfile
FROM kong/kong:2.7.0
ENV OIDC_PLUGIN_VERSION=1.2.3-2
ENV GIT_VERSION=2.24.4-r0
ENV UNZIP_VERSION=6.0-r7
ENV LUAROCKS_VERSION=2.4.4-r1
USER root
RUN apk update && apk add git unzip luarocks
RUN luarocks install kong-oidc
# Build and install the revomatico fork of kong-oidc from source
RUN git clone --branch v1.2.3-2 https://github.com/revomatico/kong-oidc.git
WORKDIR /kong-oidc
RUN luarocks make
RUN luarocks pack kong-oidc ${OIDC_PLUGIN_VERSION} \
    && luarocks install kong-oidc-${OIDC_PLUGIN_VERSION}.all.rock
WORKDIR /
# Build and install the jwt-keycloak plugin from source
# NOTE: JWT_PLUGIN_VERSION is not set by any ENV line in this Dockerfile as posted
RUN git clone --branch 20200505-access-token-processing https://github.com/BGaunitz/kong-plugin-jwt-keycloak.git
WORKDIR /kong-plugin-jwt-keycloak
RUN luarocks make
RUN luarocks pack kong-plugin-jwt-keycloak ${JWT_PLUGIN_VERSION} \
    && luarocks install kong-plugin-jwt-keycloak-${JWT_PLUGIN_VERSION}.all.rock
USER kong
```
I configured it by passing the client id, the client secret and the discovery endpoint.
When I visit the configured route in Kong I get redirected to Keycloak to authenticate, and after successful auth I get redirected back to my app, but when I check the headers I find no X-Userinfo and I find only the session cookie.
Am I missing something?
I am using nginx as an app to test in my case.
2 Answers
You won’t see those request headers in the request from your browser to Kong but in the upstream request from Kong to your service. The OIDC plugin will inject them.
One note about the jwt-keycloak plugin: you have to change its priority, e.g. to
Otherwise it will be executed before the OIDC plugin but you want to have it afterwards.
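One way to check what the answer above describes, as an added example that is not part of the original thread: a small debug upstream to put behind the Kong route in place of nginx, which reports which OIDC headers actually reached the service. The header names and the base64-encoded JSON format of X-Userinfo are assumptions about the kong-oidc plugin's defaults, and the function names are hypothetical.

```python
import base64
import binascii
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed kong-oidc default header names; adjust to match your plugin configuration.
OIDC_HEADERS = ("x-userinfo", "x-access-token", "x-id-token")


def _b64_to_text(value):
    """Strictly decode base64 (padding optional); return None if it is not base64 text."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def decode_userinfo(value):
    """Return the claims in X-Userinfo (base64 JSON or raw JSON), else None."""
    for candidate in (_b64_to_text(value), value):
        if candidate is None:
            continue
        try:
            claims = json.loads(candidate)
        except ValueError:
            continue
        if isinstance(claims, dict):
            return claims
    return None


def summarize(headers):
    """Report which OIDC headers reached the upstream, without echoing token values."""
    found = {k.lower(): v for k, v in headers.items()}
    report = {name: name in found for name in OIDC_HEADERS}
    report["userinfo_claims"] = (
        decode_userinfo(found["x-userinfo"]) if "x-userinfo" in found else None
    )
    return report


class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(summarize(dict(self.headers.items())), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Debug listener only: point the Kong service at this port while testing.
    HTTPServer(("0.0.0.0", 8080), EchoHandler).serve_forever()
```

If every entry comes back false after a successful login, the plugin is not injecting headers on that route; if they are true here but missing in the browser's developer tools, that is the expected behaviour.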
I’m using https://github.com/revomatico/kong-oidc for oidc and https://github.com/hanfi/kong-plugin-jwt-keycloak for jwt.
I enabled the 2 plugins, with the required scope being user.
When I get an access token and connect to the service with:
The connection succeeded, authenticated with scope ‘user’.
But when I visit the configured route in Kong with a browser, I get redirected to Keycloak to authenticate, and after successful auth I get this error:
Is this error caused by the cookie?