- oauth2-proxy: A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
- keycloak-config-cli: Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
For anything that doesn't implement SAML or OIDC for authentication, you'll need to leverage that auth_request directive. To the best of my knowledge as someone who runs Keycloak + Nginx, you need some interim layer that can handle the OIDC login redirect dance on behalf of Keycloak. That's where oauth2-proxy comes in. You don't need to replace nginx with oauth2-proxy. Instead, oauth2-proxy can be used as an auth_request endpoint. This is how I've set it up.
If you do end up using a setup like this, then I highly recommend that you look into https://github.com/adorsys/keycloak-config-cli. tl;dr: You can export your realm configuration once set up and then use it to restore your system should you lose your Keycloak data. It can also be used to provision users, but you have to manually add them to the realm export because they are not included in an export for some reason. All the different objects it can manage are documented here: https://www.keycloak.org/docs-api/17.0/rest-api/index.html#_realmrepresentation.
You can't use Keycloak directly with auth requests - you need an intermediary that can bridge the gap (or a custom build of Nginx, but that is a pain in the ass). I use Vouch Proxy: https://github.com/vouch/vouch-proxy
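
The auth_request arrangement described in the posts above, sketched as an added example with oauth2-proxy as the intermediary (not either poster's own configuration). The hostname, certificate paths, backend address and the `X-User`/`X-Email` header names are assumptions; `127.0.0.1:4180` assumes oauth2-proxy on its default listen address, started with `--provider=keycloak-oidc`, `--reverse-proxy=true` and `--set-xauthrequest=true`.

```nginx
server {
    listen 443 ssl;
    server_name app.example.com;                      # assumed hostname
    ssl_certificate     /etc/nginx/tls/app.crt;       # placeholder paths
    ssl_certificate_key /etc/nginx/tls/app.key;

    # Login, callback and sign-out endpoints served by oauth2-proxy itself.
    # This is where the OIDC redirect dance with Keycloak happens.
    location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Subrequest target: oauth2-proxy answers 202 for a valid session, 401 otherwise.
    location = /oauth2/auth {
        internal;                                     # not reachable by clients directly
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header Content-Length  "";
        proxy_pass_request_body off;                  # the auth check needs headers only
    }

    # The application that speaks neither SAML nor OIDC.
    location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;             # unauthenticated: start the login flow

        # Identity comes only from the auth subrequest response. proxy_set_header
        # replaces any X-User / X-Email value the client sent, so it cannot be spoofed.
        auth_request_set $user  $upstream_http_x_auth_request_user;
        auth_request_set $email $upstream_http_x_auth_request_email;
        proxy_set_header X-User  $user;
        proxy_set_header X-Email $email;

        # Pass a refreshed session cookie from oauth2-proxy back to the browser.
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;

        proxy_pass http://127.0.0.1:8080;             # assumed backend, bound to loopback
    }
}
```

The backend should listen only on an address that nginx alone can reach; if clients can connect to it directly, both the auth_request check and the identity headers are bypassed.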