Skip to content

Commit

Permalink
Application Gateway Mutual Authentication Support (#9965)
Browse files Browse the repository at this point in the history 
* Adding mutual auth api definitions.

* Adding examples.

* Fixing case.

Co-authored-by: Hemant Imudianda <[email protected]>
  • Loading branch information
@HemantErappa
HemantErappa and Hemant Imudianda authored Jul 1, 2020
1 parent c96cf26 commit 77ef503
Show file tree
Hide file tree
Showing 3 changed files with 268 additions and 0 deletions.
124 changes: 124 additions & 0 deletions ...tion/network/resource-manager/Microsoft.Network/stable/2020-06-01/applicationGateway.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1361,6 +1361,15 @@
},
"description": "Application Gateway Ssl policy."
},
"ApplicationGatewayClientAuthConfiguration": {
"properties": {
"verifyClientCertIssuerDN": {
"type": "boolean",
"description": "Verify client certificate issuer name on the application gateway."
}
},
"description": "Application gateway client authentication configuration."
},
"ApplicationGatewayIPConfigurationPropertiesFormat": {
"properties": {
"subnet": {
Expand Down Expand Up @@ -1494,6 +1503,49 @@
],
"description": "Trusted Root certificates of an application gateway."
},
"ApplicationGatewayTrustedClientCertificatePropertiesFormat": {
"properties": {
"data": {
"type": "string",
"description": "Certificate public data."
},
"provisioningState": {
"readOnly": true,
"$ref": "./network.json#/definitions/ProvisioningState",
"description": "The provisioning state of the trusted client certificate resource."
}
},
"description": "Trusted client certificates properties of an application gateway."
},
"ApplicationGatewayTrustedClientCertificate": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/ApplicationGatewayTrustedClientCertificatePropertiesFormat",
"description": "Properties of the application gateway trusted client certificate."
},
"name": {
"type": "string",
"description": "Name of the trusted client certificate that is unique within an Application Gateway."
},
"etag": {
"readOnly": true,
"type": "string",
"description": "A unique read-only string that changes whenever the resource is updated."
},
"type": {
"readOnly": true,
"type": "string",
"description": "Type of the resource."
}
},
"allOf": [
{
"$ref": "./network.json#/definitions/SubResource"
}
],
"description": "Trusted client certificates of an application gateway."
},
"ApplicationGatewaySslCertificatePropertiesFormat": {
"properties": {
"data": {
Expand Down Expand Up @@ -1827,6 +1879,60 @@
],
"description": "Backend address pool settings of an application gateway."
},
"ApplicationGatewaySslProfilePropertiesFormat": {
"properties": {
"trustedClientCertificates": {
"type": "array",
"items": {
"$ref": "./network.json#/definitions/SubResource"
},
"description": "Array of references to application gateway trusted client certificates."
},
"sslPolicy": {
"$ref": "#/definitions/ApplicationGatewaySslPolicy",
"description": "SSL policy of the application gateway resource."
},
"clientAuthConfiguration": {
"$ref": "#/definitions/ApplicationGatewayClientAuthConfiguration",
"description": "Client authentication configuration of the application gateway resource."
},
"provisioningState": {
"readOnly": true,
"$ref": "./network.json#/definitions/ProvisioningState",
"description": "The provisioning state of the HTTP listener resource."
}
},
"description": "Properties of SSL profile of an application gateway."
},
"ApplicationGatewaySslProfile": {
"properties": {
"properties": {
"x-ms-client-flatten": true,
"$ref": "#/definitions/ApplicationGatewaySslProfilePropertiesFormat",
"description": "Properties of the application gateway SSL profile."
},
"name": {
"type": "string",
"description": "Name of the SSL profile that is unique within an Application Gateway."
},
"etag": {
"readOnly": true,
"type": "string",
"description": "A unique read-only string that changes whenever the resource is updated."
},
"type": {
"readOnly": true,
"type": "string",
"description": "Type of the resource."
}
},
"allOf": [
{
"$ref": "./network.json#/definitions/SubResource"
}
],
"description": "SSL profile of an application gateway."
},
"ApplicationGatewayHttpListenerPropertiesFormat": {
"properties": {
"frontendIPConfiguration": {
Expand All @@ -1849,6 +1955,10 @@
"$ref": "./network.json#/definitions/SubResource",
"description": "SSL certificate resource of an application gateway."
},
"sslProfile": {
"$ref": "./network.json#/definitions/SubResource",
"description": "SSL profile resource of the application gateway."
},
"requireServerNameIndication": {
"type": "boolean",
"description": "Applicable only if protocol is https. Enables SNI for multi-hosting."
Expand Down Expand Up @@ -2662,6 +2772,13 @@
},
"description": "Trusted Root certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"trustedClientCertificates": {
"type": "array",
"items": {
"$ref": "#/definitions/ApplicationGatewayTrustedClientCertificate"
},
"description": "Trusted client certificates of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"sslCertificates": {
"type": "array",
"items": {
Expand Down Expand Up @@ -2711,6 +2828,13 @@
},
"description": "Http listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"sslProfiles": {
"type": "array",
"items": {
"$ref": "#/definitions/ApplicationGatewaySslProfile"
},
"description": "SSL profiles of the application gateway resource. For default limits, see [Application Gateway limits](https://docs.microsoft.com/azure/azure-subscription-service-limits#application-gateway-limits)."
},
"urlPathMaps": {
"type": "array",
"items": {
Expand Down
107 changes: 107 additions & 0 deletions ...source-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayCreate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,14 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"properties": {
"data": "****"
}
}
],
"frontendIPConfigurations": [
{
"name": "appgwfip",
Expand Down Expand Up @@ -107,6 +115,28 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"properties": {
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -121,6 +151,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down Expand Up @@ -285,6 +318,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -340,6 +383,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -356,6 +423,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down Expand Up @@ -531,6 +601,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -589,6 +669,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -605,6 +709,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down
37 changes: 37 additions & 0 deletions .../resource-manager/Microsoft.Network/stable/2020-06-01/examples/ApplicationGatewayGet.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,16 @@
}
}
],
"trustedClientCertificates": [
{
"name": "clientcert",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert",
"properties": {
"provisioningState": "Succeeded",
"data": "****"
}
}
],
"authenticationCertificates": [],
"frontendIPConfigurations": [
{
Expand Down Expand Up @@ -97,6 +107,30 @@
}
}
],
"sslProfiles": [
{
"name": "sslProfile1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1",
"properties": {
"provisioningState": "Succeeded",
"sslPolicy": {
"policyType": "Custom",
"minProtocolVersion": "TLSv1_1",
"cipherSuites": [
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
},
"clientAuthConfiguration": {
"verifyClientCertIssuerDN": true
},
"trustedClientCertificates": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/trustedClientCertificates/clientcert"
}
]
}
}
],
"httpListeners": [
{
"name": "appgwhl",
Expand All @@ -113,6 +147,9 @@
"sslCertificate": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslCertificates/sslcert"
},
"sslProfile": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/applicationGateways/appgw/sslProfiles/sslProfile1"
},
"requireServerNameIndication": false
}
},
Expand Down

0 comments on commit 77ef503

Please sign in to comment.