Application Gateway Mutual Authentication Support #9965

Merged
Original file line number Diff line number Diff line change
Expand Up @@ -1361,6 +1361,15 @@
},
"description": "Application Gateway Ssl policy."
},
"ApplicationGatewayClientAuthConfiguration": {
"properties": {
"verifyClientCertIssuerDN": {
"type": "boolean",
"description": "Verify client certificate issuer name on the application gateway."
}
},
"description": "Application gateway client authentication configuration."
},
"ApplicationGatewayIPConfigurationPropertiesFormat": {
"properties": {
"subnet": {
Expand Down Expand Up @@ -1494,6 +1503,49 @@
],
"description": "Trusted Root certificates of an application gateway."
},
"ApplicationGatewayTrustedClientCertificatePropertiesFormat": {
"properties": {
"data": {
"type": "string",
"description": "Certificate public data."
},
"provisioningState": {
"readOnly": true,
"$ref": "./network.json#/definitions/ProvisioningState",
"description": "The provisioning state of the trusted client certificate resource."
}
},
"description": "Trusted client certificates properties of an application gateway."
},
"ApplicationGatewayTrustedClientCertificate": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/ApplicationGatewayTrustedClientCertificatePropertiesFormat",
"description": "Properties of the application gateway trusted client certificate."
},
"name": {
"type": "string",
"description": "Name of the trusted client certificate that is unique within an Application Gateway."
},
"etag": {
"readOnly": true,
"type": "string",
"description": "A unique read-only string that changes whenever the resource is updated."
},
"type": {
"readOnly": true,
"type": "string",
"description": "Type of the resource."
}
},
"allOf": [
{
"$ref": "./network.json#/definitions/SubResource"
}
],
"description": "Trusted client certificates of an application gateway."
},
"ApplicationGatewaySslCertificatePropertiesFormat": {
"properties": {
"data": {
Expand Down Expand Up @@ -1827,6 +1879,60 @@
],
"description": "Backend address pool settings of an application gateway."
},
"ApplicationGatewaySslProfilePropertiesFormat": {
"properties": {
"trustedClientCertificates": {
"type": "array",
"items": {
"$ref": "./network.json#/definitions/SubResource"
},
"description": "Array of references to application gateway trusted client certificates."
},
"sslPolicy": {
"$ref": "#/definitions/ApplicationGatewaySslPolicy",
"description": "SSL policy of the application gateway resource."
},
"clientAuthConfiguration": {
"$ref": "#/definitions/ApplicationGatewayClientAuthConfiguration",
"description": "Client authentication configuration of the application gateway resource."
},
"provisioningState": {
"readOnly": true,
"$ref": "./network.json#/definitions/ProvisioningState",
"description": "The provisioning state of the HTTP listener resource."
}
},
"description": "Properties of SSL profile of an application gateway."
},
"ApplicationGatewaySslProfile": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/ApplicationGatewaySslProfilePropertiesFormat",
"description": "Properties of the application gateway SSL profile."
},
"name": {
"type": "string",
"description": "Name of the SSL profile that is unique within an Application Gateway."
},
"etag": {
"readOnly": true,
"type": "string",
"description": "A unique read-only string that changes whenever the resource is updated."
},
"type": {
"readOnly": true,
"type": "string",
"description": "Type of the resource."
}
},
"allOf": [
{
"$ref": "./network.json#/definitions/SubResource"
}
],
"description": "SSL profile of an application gateway."
},
"ApplicationGatewayHttpListenerPropertiesFormat": {
"properties": {
"frontendIPConfiguration": {
Expand All @@ -1849,6 +1955,10 @@
"$ref": "./network.json#/definitions/SubResource",
"description": "SSL certificate resource of an application gateway."
},
"sslProfile": {
"$ref": "./network.json#/definitions/SubResource",
"description": "SSL profile resource of the application gateway."
},
"requireServerNameIndication": {
"type": "boolean",
"description": "Applicable only if protocol is https. Enables SNI for multi-hosting."
Expand Down Expand Up @@ -2662,6 +2772,13 @@
},
"description": "Trusted Root certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"trustedClientCertificates": {
"type": "array",
"items": {
"$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate"
},
"description": "Trusted client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"sslCertificates": {
"type": "array",
"items": {
Expand Down Expand Up @@ -2711,6 +2828,13 @@
},
"description": "Http listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"sslProfiles": {
"type": "array",
"items": {
"$ref": "#/definitions/ApplicationGatewaySslProfile"
},
"description": "SSL profiles of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"urlPathMaps": {
"type": "array",
"items": {
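Review bot: The description of `verifyClientCertIssuerDN` in `ApplicationGatewayClientAuthConfiguration` does not say what the gateway does when the property is false or omitted, and that is the case an operator relying on this profile for mutual authentication most needs to know. I would extend the description to state the default and what the issuer name is compared against. In the same spirit, `data` under `ApplicationGatewayTrustedClientCertificatePropertiesFormat` is described only as `Certificate public data.`, with no expected encoding or whether a chain is accepted. Separately, `provisioningState` under `ApplicationGatewaySslProfilePropertiesFormat` reads `The provisioning state of the HTTP listener resource.`, which looks copied from the listener definition; it should be `The provisioning state of the SSL profile resource.`.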
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,14 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"properties": {
"data": "****"
}
}
],
"frontendIPConfigurations": [
{
"name": "appgwfip",
Expand Down Expand Up @@ -107,6 +115,28 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"properties": {
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -121,6 +151,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down Expand Up @@ -285,6 +318,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -340,6 +383,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -356,6 +423,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down Expand Up @@ -531,6 +601,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -589,6 +669,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -605,6 +709,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
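Review bot: The `sslProfile1` sample sets `"minProtocolVersion": "TLSv1_1"` with a single CBC suite, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, and example bodies in a spec tend to be copied into generated SDK documentation and real deployments. For a sample that demonstrates mutual authentication I would use `"minProtocolVersion": "TLSv1_2"` and an AEAD suite such as `"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"`, provided both are accepted values of the existing `ApplicationGatewaySslPolicy` enums, which are outside the hunks shown. The same values recur in both response bodies of this file and in the `sslProfiles` hunk of the following example file, so they should be changed together.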
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -97,6 +107,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -113,6 +147,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},