Azure Entra SSO for TAP GUI via Keycloak
In recent years, I've worked with many customers who want to add SSO to a developer tool but run into blocking issues.
These are the two most common issues:
- there is no update-compatible way to configure Proxy configuration
- they want to use Technical Accounts, but they are not supported or allowed by their corporate SSO solution
Working with customers on Tanzu Application Platform(TAP)1, I often run into the first.
Tanzu Developer Portal2, the main GUI of TAP, is based on Backstage3 and the authentication is in Backstage is provided by adding plugins.
Many of these authentication plugins do not support configuring an outgoing Proxy other than changing the plugin's code.
This is not an acceptable solution for our customers.
This guide explores how we can leverage Keycloak4 to function as an authentication proxy.