Policies

mTLS Auth Policy

This policy will authenticate users based on mTLS certificates that are configured for your project. This policy is available only to enterprise customers (contact sales@zuplo.com to request info). When a requests is authenticated with an mTLS certificate, the certificate data will be set as the user object of the request. The user.sub property will be the value of the certificates DN.

Enterprise Feature

This policy is only available as as part of our enterprise plans. If you would like to use this in production reach out to us: sales@zuplo.com

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

{
  "name": "my-mtls-auth-inbound-policy",
  "policyType": "mtls-auth-inbound",
  "handler": {
    "export": "MTLSAuthInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "allowExpiredCertificates": false,
      "allowRevokedCertificates": false,
      "allowUnauthenticatedRequests": false
    }
  }
}

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

  • allowUnauthenticatedRequests <boolean> -
    Indicates whether the request should continue if authentication fails. Default is false which means unauthenticated users will automatically receive a 401 response.
    Defaults to false.
  • allowExpiredCertificates <boolean> -
    Indicates whether the request should continue if the certificate is expired.
    Defaults to false.
  • allowRevokedCertificates <boolean> -
    Indicates whether the request should continue if the certificate is revoked.
    Defaults to false.

Using the Policy

Read more about how policies work

Previous
Basic Auth
Next
LDAP Auth