From 4d9a2b200f40d256abd13d7156d7a76b5e44c51a Mon Sep 17 00:00:00 2001 From: Sylvain Chen Date: Mon, 17 Dec 2018 13:11:11 +0100 Subject: [PATCH] Add gatekeeper documentation on how to use a forwarding proxy server --- securing_apps/topics/oidc/keycloak-gatekeeper.adoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/securing_apps/topics/oidc/keycloak-gatekeeper.adoc b/securing_apps/topics/oidc/keycloak-gatekeeper.adoc index f168fa3b51..2dd8453ee8 100644 --- a/securing_apps/topics/oidc/keycloak-gatekeeper.adoc +++ b/securing_apps/topics/oidc/keycloak-gatekeeper.adoc @@ -146,6 +146,13 @@ bin/{generic_adapter_name} \ By default the roles defined on a resource perform a logical `AND` so all roles specified must be present in the claims, this behavior can be altered by the `require-any-role` option, however, so as long as one role is present the permission is granted. +==== OpenID Provider Communication +By default the communication with the OpenID provider is direct. If you wish, you can specify a forwarding proxy server in your configuration file: +[source,yaml] +---- +openid-provider-proxy: http://proxy.example.com:8080 +---- + ==== HTTP routing By default all requests will be proxyed on to the upstream, if you wish to ensure all requests are authentication you can use this:
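Review bot: The new "OpenID Provider Communication" section does not say which gatekeeper-to-provider requests go through `openid-provider-proxy`, or what a reader should expect about TLS on that path. The only example is a plain `http://proxy.example.com:8080` URL, so an operator cannot tell from this text whether the setting only names the forwarding hop while the provider connection stays HTTPS end to end, or whether an `https://` proxy URL or proxy credentials are accepted. Please add one sentence stating the scope of the option and the supported URL forms. Since this path can carry client credentials and tokens, it is also worth stating that the provider URL itself should remain HTTPS when a proxy is configured. A smaller style point: the diffstat counts 7 insertions, so the paragraph is followed directly by `[source,yaml]` with no blank line in between. A blank line after the heading and another before the block attribute would match the spacing around the existing `==== HTTP routing` section and avoid any risk of the attribute line being rendered as paragraph text.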