Versions Compared

Old Version 32

changes.mady.by.user John Brinckwirth

Saved on

compared with

New Version Current

changes.mady.by.user John Brinckwirth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added feature flag info based on dev request/field issues

...

Use this policy with APIM Proxies to ensure that inbound endpoints are verified by TLS certificates during API processing. When a client calls an API with this policy, the server and client exchange TLS certificates. With the Inbound TLS policy, SnapLogic is the server.

...

This policy differs from most other policies in that the initial configuration determines the workflow, rather than the Settings dialog.

...

Info

Requires Feature Flag Enablement on your Org

Contact your CSM to enable this feature. The following feature flag must be enabled for this policy on your Org

. Contact your CSM to enable the feature.

:
“com.snaplogic.utils.APIMClientCertificateValidator.ALLOWED_SNAPLEX_FOR_MTLS": "[<list of runtime path id or use all for enabling for all ground plexes>]”

Examples
For one Snaplex:
"com.snaplogic.utils.APIMClientCertificateValidator.ALLOWED_SNAPLEX_FOR_MTLS": "[\"{org_name}/rt/{snaplex_location}/{snaplex_environment}\"]",

For all Snaplexes:
"com.snaplogic.utils.APIMClientCertificateValidator.ALLOWED_SNAPLEX_FOR_MTLS": "[\"all\"]",

Policy Execution Order

  • The client provides their certificate during TLS/SSL authentication.

  • The policy checks for the certificates in the HTTP request. If present, the policy verifies that the certificate is present in the SnapLogic truststore and is not expired.

  • The Inbound TLS policy then allows the request to be processed.

...