Hi,
I’m trying to remove user authorization built into the applications and move it to Istio. In the past I have been able to use `RequestAuthentication` and `AuthorizationPolicy` with JWT to secure public RESTful services. This time it’s a front-end.
We use Keycloak OIDC, and currently we use Lua inside an OpenResty container to obtain the JWT cookie. Based on that, the user is either redirected to Keycloak’s login page or granted access, or, if the user does not have the proper role, we send back a 403 error page.
I have the following questions:
- How can I have Istio/Envoy redirect when they need to log in?
- Can I use `fromHeaders` to obtain the JWT from Keycloak’s cookies?
tx.,