Request authentication policies define JSON Web Token (JWT) rules for request authentication. A request is denied if authentication information that is contained in the request is determined as invalid based on the defined JWT rule. This topic describes how to create, modify, and delete a request authentication policy.

Prerequisites

Make sure that the Istio version is 1.6 or later. Otherwise, you cannot use the request authentication feature.

Create a request authentication policy

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Security > RequestAuthentication in the left-side navigation pane. On the RequestAuthentication page, click Create.
  5. In the Create panel, set the parameters.
    1. Select a namespace from the Namespaces drop-down list.
    2. In the code editor, enter code to configure a request authentication policy.
    3. Click OK.
    On the RequestAuthentication page, you can view the created request authentication policy.

Modify a request authentication policy

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Security > RequestAuthentication in the left-side navigation pane.
  5. On the RequestAuthentication page, find the request authentication policy that you want to modify and click YAML in the Actions column.
  6. In the Edit panel, modify the request authentication policy and click OK.

Delete a request authentication policy

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Security > RequestAuthentication in the left-side navigation pane.
  5. On the RequestAuthentication page, find the request authentication policy that you want to delete and click Delete in the Actions column.
  6. In the Submit message, click OK.
    The request authentication policy disappears from the RequestAuthentication page.