科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>Setting authentication in APISIX with Keycloak - Stack Overflow

    Setting authentication in APISIX with Keycloak - Stack Overflow

    programmeradmin5浏览0评论

    I want to know how to set apisix authentication from keycloak for suitable. Users only need to receive Access token once, and Apisix will authenticate it over time, when the user changes the role or interrupted Session (admin logout user - token is invalid), Apisix can identify. I want it to communicate via Introspect Endpoint. Please show me if you know.

    I tried to set in Keycloak. Now need APISIX's settting for suitable

    this is my setting, i want apisix to check token by Introspect Endpoint because access token not recall, it have old role.

    {
  "authz-keycloak": {
    "_meta": {
      "disable": false
    },
    "access_token_expires_in": 300,
    "access_token_expires_leeway": 0,
    "cache_ttl_seconds": 86400,
    "client_id": "apisix",
    "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
    "http_method_as_scope": false,
    "keepalive": true,
    "keepalive_pool": 5,
    "keepalive_timeout": 60000,
    "lazy_load_paths": false,
    "permissions": [
      "Default Resource",
      "Giteav1"
    ],
    "policy_enforcement_mode": "ENFORCING",
    "refresh_token_expires_in": 3600,
    "refresh_token_expires_leeway": 0,
    "ssl_verify": true,
    "timeout": 3000,
    "token_endpoint": ":8080/realms/apisix_test_realm/protocol/openid-connect/token"
  },
  "openid-connect": {
    "accept_none_alg": false,
    "accept_unsupported_alg": true,
    "access_token_expires_leeway": 0,
    "access_token_in_authorization_header": true,
    "bearer_only": true,
    "client_credentials_requires_scope": false,
    "client_id": "apisix",
    "client_jwt_assertion_expires_in": 60,
    "client_secret": "UDrN+4qxnTTudn9+PC",
    "discovery": ":8080/realms/apisix_test_realm/.well-known/openid-configuration",
    "force_reauthorize": false,
    "iat_slack": 120,
    "introspection_endpoint": ":8080/realms/apisix_test_realm/protocol/openid-connect/token/introspect",
    "introspection_endpoint_auth_method": "client_secret_basic",
    "introspection_interval": 0,
    "jwk_expires_in": 86400,
    "jwt_verification_cache_ignore": false,
    "logout_path": "/logout",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9xxxxUJgAyx2dKVpcRQHKW\n2QIDAQAB\n-----END PUBLIC KEY-----",
    "realm": "apisix_test_realm",
    "refresh_token_expires_in": 0,
    "refresh_token_in_authorization_header": true,
    "renew_access_token_on_expiry": true,
    "revoke_tokens_on_logout": false,
    "scope": "openid email profile offline_access",
    "set_access_token_header": true,
    "set_id_token_header": true,
    "set_refresh_token_header": true,
    "set_userinfo_header": true,
    "ssl_verify": false,
    "timeout": 3,
    "token_endpoint_auth_method": "client_secret_basic",
    "token_signing_alg_values_expected": "RS256",
    "unauth_action": "deny",
    "use_nonce": false,
    "use_pkce": false
  }
}

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论