Kong Plugin for Forward Authentication

I am looking for Kong Plugin for Ingress Controller where for every user request, it will first authenticate against an API endpoint and if the response is OK, it will redirect to actual user request.
We have recently moved from Traefik to Kong and there is a similar feature in Traefik
Any pointers would be greatly appreciated.

The authentication scheme that Traefik doc covers doesn’t provide specifics, but it sounds similar to what Open Policy Agent provides.

There are a few community plugins that integrate with OPA:

Thanks for your reply.
In the Traefik, we were doing like below

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ngnpb-ingress
  namespace: ngnpb
  annotations:
    kubernetes.io/ingress.class: traefik
    ingress.kubernetes.io/protocol: h2c
    ingress.kubernetes.io/auth-type: forward
    ingress.kubernetes.io/auth-url: http://mgmt-security.ngnpb.svc.cluster.local:29091/validateToken
    ingress.kubernetes.io/auth-response-headers: Authorization, Role, User
spec:
  rules:
  - http:
      paths:
      - path: /api
        backend:
          serviceName: mgmt-security
          servicePort: 29092

As you can see above, in the annotations we are providing auth-url, so every request to /api
will first go to auth-url and if user is authenticated then only it will redirect to /api.
Hope this is clear now.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ