feat: Keycloak/OIDC authn & authz

apache / apisix-dashboard

Dashboard for Apache APISIX

https://apisix.apache.org/

Apache License 2.0

981 stars 520 forks source link

feat: Keycloak/OIDC authn & authz #2444

Open snovak7 opened 2 years ago

snovak7 commented 2 years ago

Possibility of authenticating against an external IdP via OpenID Connect, and management of permissions maybe in style of RBAC?

Baoyuantop commented 2 years ago

Hi @snovak7, can you describe it in more detail? I found two articles that I hope will be of help to you:

https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication https://apisix.apache.org/blog/2021/12/10/integrate-keycloak-auth-in-apisix

snovak7 commented 2 years ago

@Baoyuantop I know APISIX has this capability, but it's not the capability of a dashboard - the control plane

unless you want to say I want to put dashboard behind a apisix gateway whose purpose is to manage APIs, but you still have dashboard with some simple built-in authentication and it's not a stateless app.

Baoyuantop commented 2 years ago

The current Dashboard has only the most basic CRUD capabilities for resources. We can discuss these capabilities in the upcoming V3 version. You can refer to https://github.com/apache/apisix-dashboard/issues/2353

snovak7 commented 2 years ago

This one is better #2354