MirtoBusico commented on issue #9935: URL: https://github.com/apache/apisix/issues/9935#issuecomment-1692115328
@NNicoletti No, I'm using Keycloak.

Installing APISIX 3.2.2 and Keycloak 22.0.1, I'm able to use the openid-connect plugin for authentication and the authz-keycloak plugin for authorization.

The framework is a 3 worker nodes + 1 master Kubernetes cluster created with k3s. I'm also using Istio as service mesh.

Here is an example of a route using the plugins:

```
curl http://localhost:8001/api/v1/namespaces/apisix/services/apisix-admin:9180/proxy/apisix/admin/routes/id_h2www_user \
  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
  "host": "h2www.h.net",
  "plugins": {
    "openid-connect": {
      "realm": "hd02",
      "logout_path": "/user/logout",
      "access_token_in_authorization_header": true,
      "redirect_uri": "https://h2www.h.net/user/*",
      "_meta": {
        "disable": false
      },
      "client_secret": "YVdFLJZ6KGtS7y2ZYARMfrcIpjP6Wt5J",
      "scope": "openid profile",
      "client_id": "hd02client",
      "introspection_endpoint_auth_method": "client_secret_post",
      "discovery": "https://h2k6k.h.net/realms/hd02/.well-known/openid-configuration",
      "bearer_only": false,
      "post_logout_redirect_uri": "https://h2www.h.net"
    },
    "authz-keycloak": {
      "token_endpoint": "https://h2k6k.h.net/realms/hd02/protocol/openid-connect/token",
      "permissions": ["user-resource"],
      "client_id": "hd02client",
      "access_denied_redirect_uri": "https://h2www.h.net/pres/unauthorized"
    },
    "redirect": {
      "http_to_https": true
    }
  },
  "desc": "h2www.h.net/user primary route",
  "status": 1,
  "name": "h2www_user",
  "id": "id_h2www_user",
  "uri": "/user*",
  "upstream_id": "id_h2www_user",
  "methods": [
    "GET",
    "POST",
    "PUT",
    "DELETE",
    "PATCH",
    "HEAD",
    "OPTIONS",
    "CONNECT",
    "TRACE",
    "PURGE"
  ]
}' | jq
```

Hope this helps
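A consistency check for a route like the one in the comment above, as an added example that is not part of the original comment or of APISIX itself: it verifies that the `openid-connect` and `authz-keycloak` blocks point at the same Keycloak host, realm and client, and that the OIDC callback and logout paths are actually captured by the route. `idp_target`, `on_route` and `check_route` are hypothetical helper names, and the check assumes a trailing `*` in the route `uri` means a prefix match.

```python
from urllib.parse import urlparse

# Constructed sample: the route from the comment above, reduced to the
# fields the check reads (no secrets are needed for it).
ROUTE = {
    "host": "h2www.h.net", "uri": "/user*",
    "plugins": {
        "openid-connect": {
            "client_id": "hd02client",
            "logout_path": "/user/logout",
            "redirect_uri": "https://h2www.h.net/user/*",
            "discovery": "https://h2k6k.h.net/realms/hd02/.well-known/openid-configuration",
        },
        "authz-keycloak": {
            "client_id": "hd02client",
            "token_endpoint": "https://h2k6k.h.net/realms/hd02/protocol/openid-connect/token",
        },
    },
}

def idp_target(url):
    """Return (scheme, host, realm) from a Keycloak /realms/<name>/... URL."""
    u = urlparse(url)
    parts = u.path.strip("/").split("/")
    realm = parts[1] if len(parts) > 1 and parts[0] == "realms" else None
    return u.scheme, u.hostname, realm

def on_route(path, pattern):
    """Assumed route semantics: trailing '*' is a prefix match, else exact."""
    prefix = pattern[:-1] if pattern.endswith("*") else None
    return path.startswith(prefix) if prefix is not None else path == pattern

def check_route(route):
    """List mismatches between the two plugin blocks and the route itself."""
    oidc = route["plugins"]["openid-connect"]
    authz = route["plugins"]["authz-keycloak"]
    findings = []
    d, t = idp_target(oidc["discovery"]), idp_target(authz["token_endpoint"])
    if d[0] != "https" or t[0] != "https":
        findings.append("identity provider endpoint is not on https")
    if d[1:] != t[1:]:
        findings.append("discovery and token_endpoint use different host/realm")
    if oidc["client_id"] != authz["client_id"]:
        findings.append("client_id differs between the two plugins")
    if urlparse(oidc["redirect_uri"]).hostname != route["host"]:
        findings.append("redirect_uri host is not the route host")
    for key in ("logout_path", "redirect_uri"):
        if not on_route(urlparse(oidc[key]).path, route["uri"]):
            findings.append(f"{key} is not matched by route uri {route['uri']}")
    return findings
```

An empty list from `check_route(ROUTE)` means the two plugin blocks agree; each returned string names one mismatch to fix before the route is pushed to the Admin API.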
