nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

Redirecting between clients does not update x-userinfo header #87

Closed mountaineerduke closed 5 years ago

mountaineerduke commented 5 years ago

Hello,

I am trying to use the kong-oidc plugin with Keycloak. I have 2 clients in Keycloak (one for each Node.js server that I'm standing up), along with 2 services/routes set up in Kong (again, 1 for each). The first simply logs the x-userinfo header coming in (we'll call this app1). The second (we'll call this portal) inspects the x-userinfo header and, if a certain client role is defined (i.e. portal-user), it will then issue a redirect to app1. My problem is that a user can have a role on both clients (for instance: portal-user and app1-user). Whenever the redirect happens, the x-userinfo header still has the role mapping for portal-user and not app1-user so it can be authorized. Whenever I go directly to app1, say from a browser or from Postman, the header is correct. Any thoughts on how I can accomplish the redirect while getting the correct x-userinfo?

mountaineerduke commented 5 years ago

After some more investigation, I found that I needed to use the full URL for the redirect (instead of using a path-relative URL). This causes the request to be redirected back out to Kong instead and forces the plugin to change the header.