I have the following design for my auth.
oauth2_proxy → keycloak → (success auth) → haproxy ingress controller → ingress path
I have used oauth2_proxy to reach Keycloak by setting the provider to oidc with the information below:
- args:
  - --cookie-secure=true
  - --provider=oidc
  - --upstream=https://haproxy-service.pegasus.svc.cluster.local
  - --email-domain=*
  - --pass-basic-auth=true
  - --pass-authorization-header=true
  - --ssl-insecure-skip-verify=true
  - --ssl-upstream-insecure-skip-verify=true
  - --insecure-oidc-allow-unverified-email=true
  - --redirect-url=/oauth2/callback
  - --scope=openid profile email
  env:
  - name: OAUTH2_PROXY_OIDC_ISSUER_URL
    value: https://app.172.16.22.169.nip.io:32443/auth/realms/<REALM>
  - name: OAUTH2_PROXY_CLIENT_ID
    value: <CLIENT NAME>
  - name: OAUTH2_PROXY_CLIENT_SECRET
    value: <SECRET>
  - name: OAUTH2_PROXY_COOKIE_SECRET
    value: <SECRET>
My ingress config looks like this:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: pegasus
  annotations:
    ingress.kubernetes.io/rewrite-target: /auth
    kubernetes.io/ingress.class: "haproxy-sso"
spec:
  tls:
  - hosts:
  rules:
  - host:
    http:
      paths:
      - path: /auth
        backend:
          serviceName: keycloak
          servicePort: 8080
The issue I currently have is that when I hit the ingress path using the /auth context, it routes me to the Keycloak login page of the master realm.
Is there a way I can achieve a redirect to the right realm?
Required url: /auth/admin/REALM/console
Current url: /auth/admin/master/console
Any suggestions on the oauth2_proxy side, the ingress side or the Keycloak side would be helpful for solving this case. Kindly help.