JAY SINGH
BACK TO PROJECTS
WORK

Zero-Trust Authentication Gateway

Distributed authentication and authorization gateway serving 5,181+ active user accounts protecting sensitive faculty and student data with granular Role-Based Access Control.

OAuth2-Proxy Traefik Keycloak Docker RBAC
GitHub

Overview

An enterprise-grade authentication and authorization gateway implementing zero-trust security principles for a university content management system. The platform serves as a critical security layer protecting sensitive faculty and student information across multiple services. By leveraging modern authentication protocols and middleware architecture, the system provides seamless single sign-on experiences while maintaining strict access controls.

Challenge

The university's legacy authentication system was fragmented across multiple applications, creating security gaps and poor user experience. Each service maintained its own authentication logic, leading to inconsistent security policies and increased attack surface. With 5,000+ active users including faculty, staff, and students accessing sensitive data, there was an urgent need for a centralized authentication solution that could enforce consistent security policies, provide audit trails, and integrate with existing Keycloak SSO infrastructure.

Solution

Designed a distributed gateway architecture using Traefik as the reverse proxy with OAuth2-Proxy middleware for authentication enforcement. Implemented granular Role-Based Access Control (RBAC) policies that evaluate user permissions at the gateway level before routing requests to backend services. Integrated seamlessly with Keycloak for unified identity management, enabling single sign-on across all university services. Deployed security hardening measures including CSRF protection, input sanitization, and secure session management.

Impact

Successfully secured 5,181+ active user accounts with zero security incidents since deployment. Eliminated authentication inconsistencies across 11 backend services by centralizing access control. Reduced authentication-related support tickets by 60% through improved UX with seamless SSO. Improved security posture with comprehensive audit logging of all authentication attempts and access patterns.

Key Features

  1. Zero-trust architecture with authentication required for all service access
  2. Granular RBAC policies evaluating permissions at the gateway level
  3. Seamless SSO integration with Keycloak identity provider
  4. Comprehensive audit logging for security compliance
  5. CSRF protection and secure session management
BACK TO ALL PROJECTS