Role Based Proxy Pass

[Breee]

Role-Based Proxy Pass

Summary

We protect a web service using Gatekeeper.
We want to be able to redirect users to different locations, based on their Keycloak roles.

Example:

• user1 has role "group01"
• user2 has role "group02"
• Our app ist reachable via http://app:8080

We now want that:

1. user1 sees http://app:8080/group01
2. user2 sees http://app:8080/group02

Why?

This enables simple role based routing.
So far we did not find a good approach to do this.
It would be a good addition to this tool and it saves us a lot of trouble.
The only other option we see, is to write our own service or use NGINX and a lua module.

How

1. Authenticate
2. Check if user has a specific role and redirect. If not, redirect to a default location or return an error.

define rules like this:

role_redirect:
  admin: 
     upstream_url: http://app:8080/admin 
  group01: 
     upstream_url: http://app:8080/group01
  group02: 
     upstream_url: http://app:8080/group02

or directly in the resources

[abstractj]

@Breee thanks for reporting this. But I'm closing it for now. For more details, please read see the announcement here #683