I'm using Keycloak OIDC to secure my REST application running on Quarkus (lets name it repository). I have another app that has to be protected with mutual TLS (lets call it api-service). Api-service is a client of repository. How to authorize api-service call to repository when I have prinicipal obtained from mTLS? I was playing a little bit with Keycloak mTLS but it doesn't seem to be an option because it will require changes to clients of api-service and it's not possible.
Programmatic authentication of a client
233 Views Asked by Jakub Grabowski At
1
There are 1 best solutions below
Related Questions in KEYCLOAK
- Keycloak: How to override Welcome Screen redirect behavior (to custom realm, instead of master realn/admin)
- X-FRAME-OPTIONS header missing on step1.html of Keycloak
- Keycloak: providing user attribute on register (manual registration and register from IdP)
- single signout is not working in keycloak spring security adpter 18.0.2
- Customize Authorization Code claims with Spring OAuth2 Authorization Server 3.2.4
- KeyCloak Handshake causing timeout
- Configuring Keyclock 22.0.4 as a key manager in WSO2 APIM
- How to set an empty list as a claim in Keycloak token after custom mapper
- OAuth access token attribute based reverse proxying of http ressources
- Keycloak: Receiving a "Invalid parameter: redirect_uri" when reloading the page manually
- Dynamically generate registration forms based on the client URI in Keycloak
- Keycloak with Google login and role based access not working
- Keycloak session doesn't expire
- Add custom attributes on terms.ftl page for Keycloak
- Is it ok to proxy the Keycloak APIs
Related Questions in QUARKUS
- BlockingOperationNotAllowedException in HttpAuthenticationMechanism
- Cannot connect to Postgres Database when running Quarkus Tests with Gitlab ci
- Why does Hibernate execute two SELECT queries instead of one when using @ManyToOne(fetch = FetchType.EAGER)
- When gradlew is packaged, System.getProperty cannot obtain the configuration
- Quarkus Gradle Multi-Project-Build Modular Testing Build-Problem
- QueryDSL with blaze persistence left join sub query
- change GC in quarkus jib build docker container
- Quarkus Quit Kotlin index page is displaying io.quarkus.qute.runtime.TemplateProducer$InjectableTemplate$InjectableTemplateInstanceImp
- JIB is generating image with outdated state of the project
- Quarkus is unable to serialize a simple string as JSON
- how to avoid while loop while waiting for future complete?
- Quarkus/Hibernate - Hibernate Reactive Panache - Error Table 'quarkus.<DetailTable>' doesn't exist shown only for MySQL
- Add custom data to 500 server errors responses
- Quarkus - Modify property during build time
- Declaring a dependency in gradle on another... sourceSet?
Related Questions in QUARKUS-OIDC
- Impossible to inject the SecurityContext in Quarkus 3.6.5+
- Keycloak devservice fails to have aliased files be injected
- Quarkus OIDC and Expression Language for two roles in the @RolesAllowed annotation
- Quarkus - Calling Google service API OAuth2
- Quarkus OIDC Keycloak: How to modify cookie age
- Is any way to set SameSiteCookie=None when remove q_session cookie on Quarkus?
- How to use Quarkus OIDC Client with client_secret_post authentication option
- Quarkus OIDC with Google One Tap Login: JsonWebToken and SecurityIdentity Not Working as Expected
- Quarkus: 401 for permitted route when request contains Bearer token
- Quarkus: Implementing a resource server with external authorization server
- Logging in through Keycloak with Selenium devservice
- New Keycloak Realm not providing roles for app login
- Quarkus OIDC- Hybrid application type. How to specify type at endpoint level
- How to logout user from Quarkus + Primefaces web app?
- Quarkus renarde and Keycloak
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I think what you need may be implementing interceptor with
ContainerRequestFilterOverride the filter method so that it checks the principal information sent with each request for api-service call. Filtering out unauthorized access like: