Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to enable Management interface authentication without enabling basic authentication #39926

Closed
michalvavrik opened this issue Apr 6, 2024 · 2 comments · Fixed by #44554
Closed

Allow to enable Management interface authentication without enabling basic authentication #39926

michalvavrik opened this issue Apr 6, 2024 · 2 comments · Fixed by #44554
Labels
area/security area/vertx kind/enhancement New feature or request
Milestone
3.18.0.CR1

Comments

@michalvavrik
Copy link
Member

Description

The way management interface auth is implemented, you can already use it with other mechanisms. In fact, there already is a test in the management-interface-auth module that uses SR JWT to access secured management interface endpoint. But for that to work, you need to set quarkus.management.auth.basic=true even for cases where basic auth is not used.

Implementation ideas

I think following things should be done:

  • add quarkus.management.auth.enabled that is true by default when quarkus.management.auth.basic=true
  • test management interface endpoints secured with OIDC, SR JWT, mTLS
  • document the support for tested mechanisms
@michalvavrik michalvavrik mentioned this issue Apr 8, 2024
Merged
@cescoffier
Copy link
Member

@sberyozkin is it something you are planning to implement?

@michalvavrik
Copy link
Member Author

@sberyozkin is it something you are planning to implement?

Not Sergey, but I can answer. Management interface authentication works mostly as main authentication, I opened this issue for 2 things:

  • requiring enabling basic auth even if it is not used is clumsy
  • if we ever document management interface can do that (OIDC, ....) we need more tests (at least smoke tests as again, under the hood it's all the same)

This issue is on my list, I just didn't get to if. It should be pretty easy, I'll try to prioritize.

@michalvavrik michalvavrik mentioned this issue Nov 17, 2024
Merged
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security area/vertx kind/enhancement New feature or request
Projects
None yet
Milestone
3.18.0.CR1
2 participants
@cescoffier @michalvavrik