by hunter2_
1354 days ago
SSO is about making a user account inside a service provider (e.g. TFA) which mirrors that same user account in the identity provider (e.g. Okta). A reverse proxy isn't able to write to the upstream application's user store or otherwise assert the identity of the current user to the upstream application, as far as I'm aware. It could do some kind of binary proxy-or-don't-proxy based on a valid assertion from the IdP, but the application would just attribute all traffic to a single user. Or is there some kind of gateway standard that I'm unaware of?
This can be used to add whatever authn/authz you require to apps that don't even support authn/authz. I'm using Traefik ForwardAuth with Keycloak for Jaeger SSO in a couple of places.
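
The forward-auth pattern discussed in this thread, as an added example that is not part of either comment and is not Traefik's or Keycloak's code: a simplified Python model of a proxy that asks an auth service for a decision and passes the authenticated user to the upstream in a header. The header name `X-Forwarded-User`, the session tokens and all function names are assumptions made for illustration.

```python
# Simplified model of a forward-auth gateway (constructed example).
IDENTITY_HEADERS = ("X-Forwarded-User",)  # assumed header the upstream reads

# Constructed session store standing in for the IdP-backed auth service.
SESSIONS = {"sess-alice": "alice@example.test", "sess-bob": "bob@example.test"}


def auth_service(request_headers):
    """Auth decision: returns (status, headers handed back to the proxy)."""
    _, _, token = request_headers.get("Cookie", "").partition("session=")
    user = SESSIONS.get(token)
    if user is None:
        return 401, {}
    return 200, {"X-Forwarded-User": user}


def gateway(request_headers, upstream):
    """Proxy step: ask the auth service, then forward with a trusted identity."""
    # Drop identity headers supplied by the client so they cannot be spoofed.
    blocked = {h.lower() for h in IDENTITY_HEADERS}
    forwarded = {k: v for k, v in request_headers.items()
                 if k.lower() not in blocked}
    status, auth_headers = auth_service(forwarded)
    if status != 200:
        return status, None  # request never reaches the upstream
    # Copy only allow-listed headers from the auth response onto the request.
    for name in IDENTITY_HEADERS:
        if name in auth_headers:
            forwarded[name] = auth_headers[name]
    return 200, upstream(forwarded)


def upstream_app(headers):
    """Upstream with no login of its own: attributes the request by header."""
    return "request attributed to " + headers["X-Forwarded-User"]
```

The upstream trusts the header unconditionally, so this only holds when the upstream is reachable through the proxy alone.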