I'm using Keycloak OIDC to secure my REST application running on Quarkus (lets name it repository). I have another app that has to be protected with mutual TLS (lets call it api-service). Api-service is a client of repository. How to authorize api-service call to repository when I have prinicipal obtained from mTLS? I was playing a little bit with Keycloak mTLS but it doesn't seem to be an option because it will require changes to clients of api-service and it's not possible.
Programmatic authentication of a client
233 Views Asked by Jakub Grabowski At
1
There are 1 best solutions below
Related Questions in KEYCLOAK
- Getting status code 404 and service connection error while calling api using Pipe (Aerogear)
- Does OpenID Connect support resource sharing
- Implementing SSO using OpenID Connect and usage of tokens
- Keycloak Angular 2 - Check authenticated status Keycloak object
- keycloak email verifiation not working
- Keycloak port 39008 and port scan
- Redirect with URL OIDC parameters from Keycloak gives Bad Request
- How to configure CORS in APIMan
- keyclock server is not working on windows?
- Why Keycloak OAUTH2 with Netflix Zuul Reverse Proxy don't pass Token
- Keycloak display different text in theme
- Keycloak: Indicate user is temporarily locked
- Error when session expired and ajax request execute in Keycloak?
- keycloak with mod_auth_openidc advantages
- keycloak realmresourceprovider corse
Related Questions in QUARKUS
- Jackson annotations quarkus resteasy client
- How to provide swagger annotation for MultipartFormDataInput in RestEasy with Quarkus
- Why not integrate Mybatis into the system of quarkus?
- Quarkus logging to json is not working in openshift okd version 3.11
- Creating native executable without GraalVM installed
- Quarkus native image crashes
- Quarkus RestClient close()
- Wired exception when using RedirectionException in Quarkus
- Quarkus JWT with secret Asymmetric Key ES512
- QuarkusTest always failing when using PanacheMock
- How to hand over credentials with quarkus as main application without application.properties
- server failover with Quarkus Reactive MySQL Clients / io.vertx.mysqlclient
- Quarkus Swagger-UI Authorization
- Azure function (with Quarkus) getting RpcHttpRequestDataSource error on POST only while deployed
- How to make Quarkus use Apereo CAS or SAML2 authentication
Related Questions in QUARKUS-OIDC
- How to use Quarkus OIDC Client with client_secret_post authentication option
- Is any way to set SameSiteCookie=None when remove q_session cookie on Quarkus?
- Quarkus OIDC Keycloak: How to modify cookie age
- Is there a way to exclude some paths from the Quarkus OIDC verification
- ContextNotActiveException when using RestClient
- Quarkus SmallRye-JWT JSON Web Key Sets refresh-interval
- Getting first name, last name and email from Keycloak using Quarkus OIDC integration
- Using keycloak public client token to communicate with confidential client
- Test container not able to pass quarkus environment variable
- How to use dynamic roles with @TestSecurity
- Protect all endpoints automatically
- Programmatic authentication of a client
- Authenticate a GraphQL endpoint against Keycloak with custom response in Quarkus
- How to configure a quarkus custom HttpAuthenticationMechanism?
- is there a smaple quarkus project with multiple named OidcClients to call multiple service calls?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I think what you need may be implementing interceptor with
ContainerRequestFilterOverride the filter method so that it checks the principal information sent with each request for api-service call. Filtering out unauthorized access like: