mTLS Authentication
mTLS Authentication (Mutual Transport Layer Security Authentication) Policy is an authentication method provided by Apinizer.
This method is a form of the TLS (Transport Layer Security) protocol in which the client, as well as the server, presents a certificate to establish a secure channel between them.
When mTLS Authentication is used, Apinizer checks the validity of the client certificate on each incoming request and verifies, against a trusted certificate authority (CA), that the certificate was issued by the expected CA.
mTLS Authentication looks up a credential by matching the "cn name" (Common Name) in the "issuer" field of the certificate presented with the incoming request (standard RFC 4519 style) against the username of the Credentials. The certificate is then verified against the Truststore configured in the mTLS settings of the matched credential. If the "issuer" contains more than one cn name value, the first one is used.
To use this policy, SSL offloading must be enabled ("HTTPS Enabled") on the Apinizer Environment and the mTLS option must be selected.
The picture below shows the mTLS Authentication settings:
The mTLS Authentication fields are shown in the table below.
Field | Description |
---|---|
Name | A name given to the policy to make it easier to use and manage. You will need this name when managing and selecting policies. |
Description | An optional description of the policy that may be useful for usage and management activities. |
Validate Certificate's Issuer | Validates the certificate against the truststore owned by the matched credential. This field is shown to indicate the policy's intended use; it is always enabled and cannot be changed. |
Validate Certificate | Checks the validity of the certificate by verifying that the current date and time fall within the validity period given in the certificate. |
Validate ACL for Issuer | When enabled, checks whether the credential matched by the "cn name" value in the certificate is permitted to access this API Proxy. If this option is enabled and IP information was specified when defining the user, it is also checked that the request comes from the IP(s) given for that user. |
Add Client Info to Header | If this option is checked, the username of the authenticated user is sent to the Backend API in a header when authentication succeeds. The default name of the header is X-Authenticated-UserId and can be changed if desired. |
Authenticated User Header Name | If the Add Client Info to Header option is checked, the name of the header to which the username will be added. |
Authorization Configuration | This option is enabled to configure access control according to the roles of the users. Please visit the Authorization page for more information. |
You can visit the Policies page for the details of the Conditions and Error Message Customization panels.
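The following is an added example, not Apinizer's own code, that models the decision sequence described above: take the first CN from the issuer DN (RFC 4519/4514 string form, with escaped commas handled), look up the credential by that CN as username, verify the certificate against that credential's truststore, apply the Validate Certificate, Validate ACL for Issuer and Add Client Info to Header options from the table, and emit the X-Authenticated-UserId header. The certificate fields, credential, fingerprints, IP ranges and proxy name are all constructed inputs standing in for values a gateway would read from the parsed X.509 client certificate and its configuration after SSL offloading.

```python
"""Model of an mTLS Authentication policy decision (added example; constructed data)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

DEFAULT_HEADER = "X-Authenticated-UserId"


@dataclass
class ClientCert:
    issuer_dn: str            # RFC 4514 string DN of the issuer, e.g. "CN=Acme CA,O=Acme"
    issuer_fingerprint: str   # constructed stand-in for the issuing CA's identity
    not_before: datetime
    not_after: datetime


@dataclass
class Credential:
    username: str             # matched against the first CN of the issuer
    truststore: Set[str]      # CA identities this credential trusts (constructed)
    allowed_proxies: Set[str] # API Proxies this credential may call (ACL)
    allowed_ips: List[str] = field(default_factory=list)  # CIDRs; empty = no IP restriction


@dataclass
class PolicyConfig:
    validate_certificate: bool = True          # check validity period
    validate_acl_for_issuer: bool = False      # check proxy ACL and IP list
    add_client_info_to_header: bool = False    # emit username header
    header_name: str = DEFAULT_HEADER


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 string DN into (type, value) pairs; a backslash-escaped
    comma inside a value (e.g. "O=Acme\\, Inc.") is not treated as a separator."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        if "=" in part:
            t, v = part.split("=", 1)
            pairs.append((t.strip().upper(), v.strip()))
    return pairs


def first_cn(dn: str) -> Optional[str]:
    """The policy uses the first CN when the issuer carries several."""
    for t, v in parse_dn(dn):
        if t == "CN":
            return v
    return None


def authenticate(cert: ClientCert, credentials: Dict[str, Credential], cfg: PolicyConfig,
                 proxy_name: str, client_ip: str, now: datetime) -> Tuple[bool, str, Dict[str, str]]:
    """Return (ok, reason, headers_for_backend) following the table's field semantics."""
    cn = first_cn(cert.issuer_dn)
    cred = credentials.get(cn) if cn else None
    if cred is None:
        return False, "no credential matches issuer CN", {}
    # Validate Certificate's Issuer: always on, checked against the matched credential's truststore
    if cert.issuer_fingerprint not in cred.truststore:
        return False, "issuer not in credential truststore", {}
    if cfg.validate_certificate and not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside validity period", {}
    if cfg.validate_acl_for_issuer:
        if proxy_name not in cred.allowed_proxies:
            return False, "credential not permitted for this API Proxy", {}
        if cred.allowed_ips and not any(ip_address(client_ip) in ip_network(n) for n in cred.allowed_ips):
            return False, "client IP not in credential's IP list", {}
    headers = {cfg.header_name: cred.username} if cfg.add_client_info_to_header else {}
    return True, "ok", headers


# Constructed sample data: one credential whose username equals the partner CA's CN.
CREDENTIALS = {
    "Acme Partner CA": Credential(
        username="Acme Partner CA",
        truststore={"sha256:constructed-acme-ca-fingerprint"},
        allowed_proxies={"orders-api"},
        allowed_ips=["203.0.113.0/24"],
    )
}
SAMPLE_CERT = ClientCert(
    issuer_dn="CN=Acme Partner CA,O=Acme\\, Inc.,CN=Second CN",   # two CNs: first one wins
    issuer_fingerprint="sha256:constructed-acme-ca-fingerprint",
    not_before=datetime(2024, 1, 1, tzinfo=timezone.utc),
    not_after=datetime(2026, 1, 1, tzinfo=timezone.utc),
)
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_AFTER_EXPIRY = datetime(2027, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    cfg = PolicyConfig(validate_acl_for_issuer=True, add_client_info_to_header=True)
    print(authenticate(SAMPLE_CERT, CREDENTIALS, cfg, "orders-api", "203.0.113.7", SAMPLE_NOW))
```

Note that, because the lookup key is the issuer's CN rather than the client's subject, every certificate issued by that CA maps to the same credential; the truststore attached to the matched credential is therefore the control that prevents a certificate from an unrelated CA with the same CN from being accepted, and the IP list under Validate ACL for Issuer is the only per-request restriction beyond it.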