| ▲ | EvanAnderson 2 hours ago | |
That's great when you have control of your applications. For most corporate IT you're stuck with COTS applications and whatever their built-in auth functionality is. Sure, you can probably bolt a reverse proxy in front (if you're lucky enough for it to be a web app and not a thick native code client) but you get to argue with the vendor when they refuse support because you're not using their recommended configuration. 802.1x certificate-based authentication at layer 2 is a good defense in depth strategy. | ||
| ▲ | lokar an hour ago | parent [-] | |
Use envoy or some other reverse proxy and do per-app auth there | ||