You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If more than one authentication mechanism is registered then the authentication is complete as soon as the first SecurityIdentity is created by one of the mechanisms. However it is not enough when tokens or other credentials have to be carried over mTLS since only mTLS mechanism will create SecurityIdentity.
Quarkus Security should support inclusive authentication which will require all the registered authentication mechanisms to perform the authentication.
This enhancement is a prerequisite for #4482 (OIDC bearer access token binding to the client certificate) but I believe it will also be of general interest to support the user authentication over VPN, etc.
Implementation ideas
No response
The text was updated successfully, but these errors were encountered:
Description
If more than one authentication mechanism is registered then the authentication is complete as soon as the first
SecurityIdentityis created by one of the mechanisms. However it is not enough when tokens or other credentials have to be carried overmTLSsince onlymTLSmechanism will createSecurityIdentity.Quarkus Security should support
inclusiveauthentication which will require all the registered authentication mechanisms to perform the authentication.This enhancement is a prerequisite for #4482 (OIDC bearer access token binding to the client certificate) but I believe it will also be of general interest to support the user authentication over VPN, etc.
Implementation ideas
No response
The text was updated successfully, but these errors were encountered: