momayyez/authztraefikgateway


AuthZ Traefik Gateway

AuthZ Traefik Gateway is a custom authorization middleware plugin for Traefik that validates access permissions using Keycloak and the UMA 2.0 protocol.

It works by extracting the request path and method (e.g. GET /api/v1/user) and converting it into a permission format like user#get, then querying Keycloak’s token endpoint using a valid access token and the uma-ticket flow to determine if the user has access.
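The flow described above, sketched as an added example (not the plugin's own code). It assumes the resource is the last path segment, the scope is the lower-cased method, `keycloakClientId` is sent as `audience`, and Keycloak's `response_mode=decision` is used; the function names are hypothetical. Requests that yield no resource, or a segment that would make `resource#scope` ambiguous, are denied before Keycloak is asked.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// PermissionFor maps a request to "resource#scope". Assumption: the resource is
// the last path segment and the scope is the lower-cased HTTP method.
func PermissionFor(method, path string) (string, error) {
	segs := strings.FieldsFunc(path, func(r rune) bool { return r == '/' })
	if len(segs) == 0 || method == "" {
		return "", errors.New("deny: no resource or method")
	}
	res := segs[len(segs)-1]
	if res == "." || res == ".." || strings.ContainsAny(res, "#%") {
		return "", errors.New("deny: ambiguous resource segment")
	}
	return res + "#" + strings.ToLower(method), nil
}

// UMAForm is the token-endpoint body asking Keycloak for a yes/no decision.
func UMAForm(clientID, permission string) url.Values {
	return url.Values{
		"grant_type":    {"urn:ietf:params:oauth:grant-type:uma-ticket"},
		"audience":      {clientID},
		"permission":    {permission},
		"response_mode": {"decision"}, // success body is {"result": true}
	}
}

// BuildUMARequest prepares the POST carrying the caller's own access token.
func BuildUMARequest(tokenURL, clientID, token, perm string) (*http.Request, error) {
	body := strings.NewReader(UMAForm(clientID, perm).Encode())
	req, err := http.NewRequest(http.MethodPost, tokenURL, body)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "Bearer "+token)
	return req, nil
}

func main() {
	perm, err := PermissionFor("GET", "/api/v1/user")
	fmt.Println(perm, err)
}
```

Treat any non-200 response or transport error from the token endpoint as a deny, so that a Keycloak outage does not open the route.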


🔐 Features

  • 🔧 Authorization based on resource + scope
  • 🔄 Uses uma-ticket grant type for permission evaluation
  • ✅ Works with any token issued by Keycloak
  • 🚀 Lightweight and easy to plug into your Traefik stack

📦 Plugin Usage Example

http:
  middlewares:
    keycloak-authz:
      plugin:
        authztraefikgateway:
          keycloakURL: "https://keycloak.local/realms/demo/protocol/openid-connect/token"
          keycloakClientId: "traefik-gateway-client"

About

A Traefik plugin middleware that integrates with Keycloak Authorization Services using the UMA protocol to validate resource-based permissions like /resource#scope.
