SSO with Keycloak

[mprajescu]

Is it possible to add Single Sign On capabilities to the Nginx Proxy Manager proxy hosts instead of only relying on manual user authentication setup under access lists?
Meaning that when a user accesses a server setup on a proxy host, will get redirected to keycloak for authentication.

The Nginx server can be set up with Lua as described in the post link I've shared below:

https://developers.redhat.com/blog/2018/10/08/configuring-nginx-keycloak-oauth-oidc/

[GlibTongue]

See pr #753 perhaps this might help.

[mprajescu]

Thank you @GlibTongue. This might help. How can I implement this without having to run a different docker build? I think it's better to wait until this is merged into the main project. I don't mind the 300ms increase per host because at the moment I only run around 25 hosts, but I could see how this would get problematic once you get more hosts. I think it would be ready for the main project with a disclaimer that there is increased reload time once ODIC is enabled and configured.

[GlibTongue]

Thank you @GlibTongue. This might help. How can I implement this without having to run a different docker build? I think it's better to wait until this is merged into the main project. I don't mind the 300ms increase per host because at the moment I only run around 25 hosts, but I could see how this would get problematic once you get more hosts. I think it would be ready for the main project with a disclaimer that there is increased reload time once ODIC is enabled and configured.

Yes, it is better to wait for it to be merged with main build as you might have trouble migrating back, though not that hard as you would just have to remove some rows in database.

Regarding the time increases, it solely depends on the person enabling this, if it is worth it or not. I personally am not using it as I have no need for it.

If you read the reply bottom down, Jamie mentioned not merging due to increasing time load, so I am guessing as long as its not solved it will stay as it is.

[chaptergy]

Duplicate of #437