Client Auth
In a production environment, mutual TLS authentication is recommended even if OAuth is configured.
Mutual TLS
Configure the path for the server keystore (used by the server) and the server truststore (used by
the client).
The certificates should be provided in PKCS#12 format; however, other formats are supported as well.
"%custom":
  universalid:
    # HTTP
    http:
      ssl:
        certificate:
          key-store-file: crypto/server-keystore/server.keystore.p12
          key-store-password: "password"
          trust-store-file: crypto/server-truststore/server.truststore.p12
          trust-store-password: "password"
Basic Auth
You can also configure Basic Auth for a non-production environment. This can also be used in
conjunction with mTLS.
Below is an example which configures a Basic Auth policy for the /swagger endpoint:
"%custom":
  universalid:
    http:
      auth:
        policy:
          swagger-policy:
            roles-allowed: swagger
        permission:
          swagger-permission:
            paths: /swagger*
            policy: swagger-policy
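
A pre-deployment check for the Mutual TLS and Basic Auth configurations above, as an added example that is not part of the original page or the product's own tooling: it flags store passwords left at a placeholder value, a key-store-file without a trust-store-file, and a permission that names an undefined policy. The parser handles only nested `key: value` mappings like those shown; the function names and the weak-password list (the page's "password" plus Java's default "changeit") are assumptions.

```python
import re
# Constructed sample: the page's two snippets merged under one profile.
SAMPLE = '''\
"%custom":
  universalid:
    http:
      ssl:
        certificate:
          key-store-file: crypto/server-keystore/server.keystore.p12
          key-store-password: "password"
          trust-store-file: crypto/server-truststore/server.truststore.p12
          trust-store-password: "password"
      auth:
        policy:
          swagger-policy:
            roles-allowed: swagger
        permission:
          swagger-permission:
            paths: /swagger*
            policy: swagger-policy
'''

def flatten(text):
    """Flatten nested 'key: value' mappings into {dotted.path: value}."""
    out, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments such as "# HTTP"
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings at the same or deeper indent
        stack.append((indent, key.strip('"')))
        if value.strip():
            out[".".join(k for _, k in stack)] = value.strip().strip('"')
    return out

def audit(text, weak=("password", "changeit")):  # returns a list of findings
    cfg, findings = flatten(text), []
    for path, value in cfg.items():
        base, _, leaf = path.rpartition(".")
        if leaf.endswith("-store-password") and value.lower() in weak:
            findings.append(f"{path}: placeholder password")
        if leaf == "key-store-file" and f"{base}.trust-store-file" not in cfg:
            findings.append(f"{base}: key-store-file set without trust-store-file")
        m = re.fullmatch(r"(.+\.auth)\.permission\.[^.]+\.policy", path)
        if m and not any(k.startswith(f"{m.group(1)}.policy.{value}.") for k in cfg):
            findings.append(f"{path}: references undefined policy '{value}'")
    return findings
```

Run `audit()` on the deployed configuration text in CI; on the page's example values it reports both store passwords as placeholders.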