When multiple consumers access a route on a cloud-native gateway, an authentication policy controls which consumers are allowed through. Each incoming request must carry valid credentials that match a configured consumer. Requests without valid credentials are rejected before reaching the backend service.
How it works
Authentication policies work together with consumer authentication configurations:
You define credentials for each consumer in a consumer authentication configuration.
You enable an authentication policy on a route and select an authentication type.
On each incoming request, the gateway checks the request credentials against the configured consumers.
If the credentials match a known consumer, the request is forwarded to the backend service. Otherwise, the gateway rejects the request.
Prerequisites
Before you begin, make sure that you have:
An MSE cloud-native gateway instance
At least one route configured on the gateway
Consumer authentication configured for the consumers that need access. See Configure consumer authentication
Enable authentication on a route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Routes. Then, click the Routes tab.
Find the target routing rule and click Actions in the Policies column.
On the Policies tab, click Authentication.
Configure the following parameters:
Parameter
Description
Authentication Type
The authentication method used to verify a consumer before granting access to the route. Select the method that matches the credentials configured for your consumers.
Enabled
Turn on the switch to activate authentication on this route. Authentication takes effect immediately.
Click Save.
See also
Configure consumer authentication: Set up credentials for consumers that access your routes.