- The user try to access to https://apache.contoso.com
- The nginx ingress check if the user already authenticated to the OAuth2 Proxy.
- The user is not yet authenticated, so OAuth2 Proxy redirect the user to Keycloak
- User authenticates to Keycloak
- Keycloak redirects user to OAuth2 Proxy
- Oauth2 Proxy redirects user to https://apache.contoso.com
- The user receive a session cookie which will enable him to authenticate for future requests
https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/keycloak https://oauth2-proxy.github.io/oauth2-proxy/installation https://docs.syseleven.de/metakube/de/tutorials/setup-ingress-auth-to-use-keycloak-oauth