What This Design Does:

This design shows a Keycloak SSO setup using OAuth2 Proxy for unified authentication. NGINX Ingress handles TLS and routes traffic to the OAuth2 Proxy, which authenticates users through Keycloak via OAuth2/OpenID Connect. Tools like Grafana, Prometheus UI, and Longhorn UI are secured with centralized SSO, ensuring consistent and secure user access across services.

Caveats and Considerations:

When using this design, ensure proper token refresh and redirect URI configuration to avoid login issues. Keycloak availability is critical, so high availability and backups are recommended. The OAuth2 Proxy adds minor latency but improves security. Careful management of sessions, TLS certificates, and role-based access is required to maintain stability and prevent over-privileged access. Some services may also need additional setup for full OAuth2/OpenID Connect compatibility.
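As an added configuration example (not part of this design's own manifests), the pieces described above for one protected tool, Grafana: OAuth2 Proxy configured against a Keycloak realm, and the Grafana Ingress delegating authentication to it through the NGINX Ingress external-auth annotations. Hostnames, namespace, realm, client and role names are placeholders; a separate Ingress exposing OAuth2 Proxy at auth.example.com and the two referenced Secrets are assumed to exist.

```yaml
# Constructed example: oauth2-proxy (Keycloak OIDC) fronting Grafana behind NGINX Ingress.
apiVersion: apps/v1
kind: Deployment
metadata: { name: oauth2-proxy, namespace: monitoring }
spec:
  selector: { matchLabels: { app: oauth2-proxy } }
  template:
    metadata: { labels: { app: oauth2-proxy } }
    spec:
      containers:
        - name: oauth2-proxy
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
          args:
            - --provider=keycloak-oidc
            - --oidc-issuer-url=https://keycloak.example.com/realms/platform
            - --client-id=oauth2-proxy
            # must be listed under "Valid Redirect URIs" on the Keycloak client
            - --redirect-url=https://auth.example.com/oauth2/callback
            - --email-domain=*
            - --allowed-role=grafana-users   # Keycloak realm role required to log in
            - --cookie-domain=.example.com   # one session shared by all protected tools
            - --whitelist-domain=.example.com
            - --cookie-refresh=4m            # refresh before Keycloak's 5m access-token lifespan
            - --cookie-expire=8h
            - --reverse-proxy=true
            - --http-address=0.0.0.0:4180
            - --upstream=static://202
          env:
            - { name: OAUTH2_PROXY_CLIENT_SECRET, valueFrom: { secretKeyRef: { name: oauth2-proxy, key: client-secret } } }
            - { name: OAUTH2_PROXY_COOKIE_SECRET, valueFrom: { secretKeyRef: { name: oauth2-proxy, key: cookie-secret } } }
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: monitoring
  annotations:
    # NGINX checks the session with oauth2-proxy in-cluster; unauthenticated users are sent to Keycloak and returned to the original URL
    nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy.monitoring.svc.cluster.local:4180/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://auth.example.com/oauth2/start?rd=$scheme://$host$escaped_request_uri"
spec:
  ingressClassName: nginx
  tls: [{ hosts: [grafana.example.com], secretName: grafana-tls }]
  rules:
    - host: grafana.example.com
      http:
        paths:
          - { path: /, pathType: Prefix, backend: { service: { name: grafana, port: { number: 3000 } } } }
```

Prometheus UI and Longhorn UI are protected the same way by copying the two annotations onto their Ingress objects; because the cookie is scoped to .example.com, a user signs in once for all of them.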

Compatibility:


