Have a look at something called external, or forward auth. For example 1) Traefik: https://doc.traefik.io/traefik/middlewares/http/forwardauth/, 2) Nginx: https://docs.nginx.com/nginx/admin-guide/security-controls/c..., 3) Envoy: https://www.envoyproxy.io/docs/envoy/latest/configuration/li....

This can be used to add whatever authn/authz you require to apps that don't even support authn/authz. I'm using Traefik ForwardAuth with Keycloak for Jaeger SSO in a couple of places.