apache kafka - Principal = User:ANONYMOUS is Denied operation = DESCRIBE from host = 10.42.1.76 on resource - Stack Overflow

I have the Kafka cluster configuration below:

apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: kafka-cluster
  annotations:
    strimzi.io/node-pools: enabled
    strimzi.io/kraft: enabled
spec:
  kafka:
    version: 3.8.0
    metadataVersion: 3.8-IV0
    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: tls
        port: 9093
        type: internal
        tls: true
        configuration:
          brokerCertChainAndKey:
            secretName: kafka-tls
            certificate: tls.crt
            key: tls.key
    config:
      default.replication.factor: 3
      min.insync.replicas: 2
      auto.create.topics.enable: "false"  
  entityOperator:
    topicOperator: {}
    userOperator: {}

On the client side I connect to the cluster using the configuration below:

security.protocol=ssl
enable.ssl.certificate.verification=false

and this works.

Now I am trying to enable authorization by adding the configuration below to the existing cluster:

    authorization:
      type: simple

and a Kafka user:

apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: kafka-admin
  namespace: kafka
  labels:
    strimzi.io/cluster: kafka-cluster
spec:
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: "*"
          patternType: literal
        operations:
        - All
      - resource:
          type: group
          name: "*"
          patternType: literal
        operations:
        - All
      - resource:
          type: cluster
        operations:
        - All

In the application logs I see:

"Broker: Topic authorization failed"

I am trying to access the cluster in TLS mode. What configuration am I missing?
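
`User:ANONYMOUS` in the title is the principal a broker assigns on a listener that has no `authentication` block, so ACLs granted to `kafka-admin` never match the connection. An added example (not part of the original post) of the Strimzi settings that bind the TLS listener to that user with mutual TLS; the file paths in the client comments are placeholders.

```yaml
# Fragment for spec.kafka of the Kafka resource from the post.
listeners:
  - name: tls
    port: 9093
    type: internal
    tls: true
    authentication:
      type: tls        # require a client certificate; without it the principal is User:ANONYMOUS
    configuration:
      brokerCertChainAndKey:
        secretName: kafka-tls
        certificate: tls.crt
        key: tls.key
authorization:
  type: simple
---
# KafkaUser from the post, with an authentication type added.
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: kafka-admin
  namespace: kafka
  labels:
    strimzi.io/cluster: kafka-cluster
spec:
  authentication:
    type: tls          # User Operator creates Secret "kafka-admin" holding user.crt and user.key
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: "*"
          patternType: literal
        operations:
          - All
      # the group and cluster ACLs from the post stay unchanged
---
# Client side (librdkafka property names; paths are placeholders):
#   security.protocol=ssl
#   ssl.certificate.location=/path/to/user.crt   # from Secret kafka-admin
#   ssl.key.location=/path/to/user.key           # from Secret kafka-admin
```

The `plain` listener on 9092 still has no authentication, so clients connecting there remain `User:ANONYMOUS` and fail the same ACL check.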
