Keycloak + Traefik and Forward Auth (Proxy Auth)

So, i keep moving forward on my journey choosing an IDP for my services.

I have tested Authentik and it works kinda OK, i have some issues with Azure AD authentication.

It seems that there is a confirmed bug, but it looks like Authentik has kinda only one person developing it and that can be a problem when we face problems or bugs. Thats the biggest negative of Authentik for me.

Now i'm testing Keycloak, i was able to set it up and it seams that is running just fine. The problem is that most of the services that i want to protect does note use any kind of authentication that is suported by Keycloak (*rr apps, Overseerr, Homarr and etc), like Oauth2, SAML and etc.

Authentik supports the "proxy" auth, meaning that you put an forward auth middleware on traefik and it will intercept the trafic and authenticate you before you enter the page. On Authentik that works great, but i did not found any way to do that on Keycloak without using an external middleware on traefik that goes thought anoter container and not drirectly to keycloak like authentik can do.

I have in the past used that forward auth container but i always had problems with it, lots of problems, so i dont want to get back to it.

Do you know if is there any way to configure Keycloak to act as the forward auth middleware for Traefik like Authentik does so i dont need to use a third container to this usecase?


This seems to be discussed here like every other week, did you just search the forum for the common issues and potentially provided solutions?