I use Docker and Traefik on my own server to provide my services. I now have many services where I have to log in, for example Portainer, GitLab, RocketChat etc. To be honest, it is quite annoying when you have to enter your login data everywhere. It would be much more comfortable to have a global auth server, which handles the login centrally for all Docker services.
Example
I am using Portainer to manage all my Docker containers. Portainer supports OAuth for external authentication. So can I use Keycloak, combined with Traefik, to authenticate to this service and protect the route to it?
Login Flow
- the user goes to portainer.domain.com
- redirect to auth.domain.com
- choose an auth provider like Google, Facebook, GitHub
- redirect to the auth provider
- the user logs in to the auth provider
- redirect to auth.domain.com
- redirect to the destination portainer.domain.com
- the user is automatically logged in to Portainer
- if the logged-in user now goes to dashboard.domain.com, he can see all services he has access to
- if the user clicks on logout, he is automatically logged out from all services
Summary
I imagine a login flow similar to Google. Once you are logged in with your Google account, you can use all services like Gmail, Notes, YouTube without having to log in to each service again. Is this possible with Keycloak and Traefik? I am looking forward to your ideas and suggestions.