How to implement user authentication with Istio along with LDAP or other components?

Can LDAP features be integrated with Istio to provide user authentication? We basically want to use Istio on top of our existing services. Our goal is to make Istio authenticate with LDAP for the list of users and their passwords. And based on this data, Istio should route the request to the appropriate service. Is there any utility through which this can be done?
If LDAP can't be integrated with Istio, are there any other ways to have user authentication in Istio?

Your question, I think, boils down to two parts.

Hope this helps


Thank you for your suggestions! It indeed helps.
I’m going ahead with the first option that you have suggested: https://github.com/istio-ecosystem/authservice.
However, I’m new to OIDC authentication. I have set up Keycloak on my k8s cluster and I’m trying to fill in the values in the template here:
https://github.com/istio-ecosystem/authservice/blob/cfa3529c771d359a28f269abd7808bf64a68bcf4/bookinfo-example/config/authservice-configmap-template-for-authn.yaml

This requires values like the authorization_uri, token_uri, callback URI, etc. to be substituted.
Can you please let me know how and from where these values can be fetched and replaced? Any help would be appreciated!

Thanks!

I was able to get these values from the Keycloak console itself. Thanks.

I’m also trying to integrate the same flow, but I’m not able to find the token_uri and callback_uri anywhere in the Keycloak console. Can you please let me know where I can get these values in the Keycloak console? Thanks.

Navigate to your realm on the Keycloak console and you will have a link labelled
Endpoints: OpenID Endpoint Configuration

You can also get it from this endpoint:

https://<keycloak-domain.com>/auth/realms/<realm>/.well-known/openid-configuration

Attaching the image for reference:
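An added example, not part of the original posts or of the authservice project: it maps the discovery document served at the endpoint above onto the `authorization_uri`, `token_uri` and `callback_uri` values the template asks for, checking the issuer and URL schemes first. The hostnames, the `demo` realm, the callback path and the function names are assumptions; the callback URI does not appear in the discovery document and has to be supplied by you.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"

# Constructed, trimmed sample of a discovery document; the host and realm are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.com/auth/realms/demo",
    "authorization_endpoint": "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/token",
})

def discovery_url(base, realm):
    """Build the discovery URL in the form quoted in the thread."""
    return f"{base.rstrip('/')}/auth/realms/{realm}{SUFFIX}"

def require_https(name, value):
    """Reject relative or plain-http URLs: codes and tokens travel over these endpoints."""
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{name} must be an absolute https URL, got {value!r}")
    return value

def oidc_values(discovery_json, fetched_from, callback_uri):
    """Return the three template values named in the thread from a discovery document."""
    if not fetched_from.endswith(SUFFIX):
        raise ValueError("fetched_from is not a discovery URL")
    doc = json.loads(discovery_json)
    # OIDC Discovery: the issuer in the document must match the URL it was fetched from.
    expected_issuer = fetched_from[:-len(SUFFIX)]
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer {doc.get('issuer')!r} does not match {expected_issuer!r}")
    missing = [k for k in ("authorization_endpoint", "token_endpoint") if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")
    return {
        "authorization_uri": require_https("authorization_endpoint", doc["authorization_endpoint"]),
        "token_uri": require_https("token_endpoint", doc["token_endpoint"]),
        # Not in the discovery document: this is your application's own URL, and it
        # must also be listed under the Keycloak client's Valid Redirect URIs.
        "callback_uri": require_https("callback_uri", callback_uri),
    }

if __name__ == "__main__":
    url = discovery_url("https://keycloak.example.com", "demo")
    # Hypothetical callback path on the protected application.
    values = oidc_values(SAMPLE_DISCOVERY, url, "https://app.example.com/oauth/callback")
    print(json.dumps(values, indent=2))
```

To run it against a live realm, save the JSON returned by the discovery URL and pass its contents as `discovery_json`.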

Thank you so much for your response. I was able to get all the configurations to set up the authservice. After login from Keycloak, the authservice is able to get the authorization code, but authservice fails to exchange the authorization code for an access token with Keycloak. Are you also facing this issue? I’ve also created a GitHub issue with more explanation.