Open jam01 opened 3 years ago
After research we've found there's no internal interface for Kong to go to Keycloak on demand for user information. Our option, then, is to keep Keycloak's user information synchronized into Kong. There's a Keycloak event listener API that may have the necessary events for us to implement an integration between these two components.
see: https://dev.to/adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-2044
More information is needed about what events Keycloak supports and, if there's one about users, what data is included.
If built, this should work in a way that can be used for components other than Kong as well, in case they also don't support auth delegation.
In order to provide a single point of identity and access management, how do we delegate/map Kong RBAC capabilities to Keycloak?
Are there any internal points of extension? If not, how can we manually keep them in sync?
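
An added sketch of the sync idea discussed above, not part of the original issue and not code from Kong or Keycloak: it plans the Kong Admin API call for each Keycloak admin event without sending anything. It assumes the listener receives admin events with `operationType`, `resourceType`, `resourcePath` and an optional `representation`, and that Kong consumers (`/consumers/{id}`) are the sync target; `plan_kong_call`, `SAMPLE_EVENTS` and the `REFETCH` marker are hypothetical names.

```python
import json

ALICE = "6f1c2b9e-0d3a-4a57-9c1e-2b7f4d8e1a01"  # constructed user ids
BOB = "a2d4c6e8-1b3f-4c5d-8e7f-9a0b1c2d3e4f"
# Constructed sample events shaped like Keycloak admin events.
SAMPLE_EVENTS = [
    {"operationType": "CREATE", "resourceType": "USER",
     "resourcePath": "users/" + ALICE,
     "representation": json.dumps({"username": "alice", "enabled": True})},
    {"operationType": "UPDATE", "resourceType": "USER",
     "resourcePath": "users/" + ALICE,
     "representation": json.dumps({"username": "alice", "enabled": False})},
    {"operationType": "UPDATE", "resourceType": "USER",
     "resourcePath": "users/" + BOB},  # representation not included
    {"operationType": "CREATE", "resourceType": "CLIENT",
     "resourcePath": "clients/" + BOB},
    {"operationType": "DELETE", "resourceType": "USER",
     "resourcePath": "users/" + ALICE},
]


def plan_kong_call(event):
    """Return (method, path, body) for Kong, or None if the event is ignored.

    The Keycloak user id doubles as the Kong consumer id, so replays and
    username changes stay idempotent.
    """
    if event.get("resourceType") != "USER":
        return None
    parts = event.get("resourcePath", "").split("/")
    if len(parts) != 2 or parts[0] != "users" or not parts[1]:
        return None  # sub-resources such as role mappings are out of scope
    user_id = parts[1]
    path = "/consumers/" + user_id
    op = event.get("operationType")
    if op == "DELETE":
        return ("DELETE", path, None)
    if op not in ("CREATE", "UPDATE"):
        return None
    user = json.loads(event.get("representation") or "{}")
    if not user.get("username"):
        # No usable payload: fetch the user from Keycloak, do not guess.
        return ("REFETCH", path, None)
    if not user.get("enabled", True):
        # Assumed policy: a disabled user loses gateway access.
        return ("DELETE", path, None)
    return ("PUT", path, {"username": user["username"], "custom_id": user_id})
```

`PUT` on a consumer id creates or updates, so delivering the same event twice leaves Kong in the same state.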