Keycloak + Traefik and Forward Auth (Proxy Auth)

So, I keep moving forward on my journey choosing an IDP for my services.

I have tested Authentik and it works kinda OK, I have some issues with Azure AD authentication.

It seems that there is a confirmed bug, but it looks like Authentik has kinda only one person developing it and that can be a problem when we face problems or bugs. That's the biggest negative of Authentik for me.

Now I'm testing Keycloak, I was able to set it up and it seems that it is running just fine. The problem is that most of the services that I want to protect do not use any kind of authentication that is supported by Keycloak (*rr apps, Overseerr, Homarr, etc.), like OAuth2, SAML, etc.

Authentik supports the "proxy" auth, meaning that you put a forward auth middleware on Traefik and it will intercept the traffic and authenticate you before you enter the page. On Authentik that works great, but I did not find any way to do that on Keycloak without using an external middleware on Traefik that goes through another container and not directly to Keycloak like Authentik can do.

I have in the past used that forward auth container but I always had problems with it, lots of problems, so I don't want to get back to it.

Do you know if there is any way to configure Keycloak to act as the forward auth middleware for Traefik like Authentik does, so I don't need to use a third container for this use case?

Thanks
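
The forward-auth exchange described in the post above, as an added example that is not part of the original post and is not code from Traefik, Authentik or Keycloak: a simplified Python model of both sides (the proxy and the auth endpoint it consults). The session store, login URL, `rd` parameter and hostname are constructed assumptions.

```python
from urllib.parse import quote

# Constructed sample data (hypothetical session store and IdP login URL).
SESSIONS = {"s3cr3t-session-id": "alice"}
LOGIN_URL = "https://idp.example.test/login"


def auth_service(headers):
    """Auth endpoint: decides using only the headers the proxy forwards."""
    pairs = (p.strip().split("=", 1)
             for p in headers.get("Cookie", "").split(";") if "=" in p)
    user = SESSIONS.get(dict(pairs).get("session", ""))
    if user:
        # 2xx means "allow"; the identity travels back in a response header.
        return 200, {"X-Forwarded-User": user}
    # No valid session: redirect to login, remembering the original URL.
    original = "{}://{}{}".format(headers["X-Forwarded-Proto"],
                                  headers["X-Forwarded-Host"],
                                  headers["X-Forwarded-Uri"])
    return 302, {"Location": LOGIN_URL + "?rd=" + quote(original, safe="")}


def proxy(method, host, uri, client_headers, backend):
    """Proxy side: consult the auth endpoint before touching the backend."""
    # Drop any identity header sent by the client; only the auth
    # endpoint is allowed to set it (otherwise it could be spoofed).
    fwd = {k: v for k, v in client_headers.items()
           if k.lower() != "x-forwarded-user"}
    fwd.update({"X-Forwarded-Method": method, "X-Forwarded-Proto": "https",
                "X-Forwarded-Host": host, "X-Forwarded-Uri": uri})
    status, auth_headers = auth_service(fwd)
    if not 200 <= status < 300:
        # Non-2xx: the auth response itself is returned to the client.
        return status, auth_headers, None
    fwd["X-Forwarded-User"] = auth_headers["X-Forwarded-User"]
    return 200, {}, backend(fwd)


def backend(headers):
    """Protected app with no login of its own; it trusts the proxy header."""
    return "hello " + headers["X-Forwarded-User"]


if __name__ == "__main__":
    spoof = {"X-Forwarded-User": "admin"}
    print(proxy("GET", "app.example.test", "/queue", spoof, backend))
    spoof["Cookie"] = "session=s3cr3t-session-id"
    print(proxy("GET", "app.example.test", "/queue", spoof, backend))
```

Because the backend trusts the identity header, it must only be reachable through the proxy.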

This seems to be discussed here like every other week, did you just search the forum for the common issues and potentially provided solutions?

There are lots of OLD threads about how to do this that refer to things like Swarm, which is practically dead, and that use old versions of containers. There are several different containers for forward auth that may or may not be the best solution.

I have struggled finding a modern best practice.

Docker Swarm is veeery slow in development :snail:, but it has advantages: we don't need to adapt our configs all the time, no breaking changes, compared to various k8s discussions (2024, 2022, 2018) :wink:.