Finally, I am able to set up self-hosted Boundary, worker and desktop client in an air-gapped environment as containerized apps in our k8 cluster.
I am using Keycloak as an authentication service and trying to implement an authorization service at the target level.
In my case, the user gets authenticated against Keycloak and can view the lists of targets in his desktop client web browser. Now I am looking to force the user to enter the credentials while connecting to the target. Once the credentials are successful, he can connect to the target resource. I am trying to use Vault as static credential or dynamic secret injection with a time bound.
Wondering if anyone has done something like this.