Policies

Policy types

No Auth

no-auth - Unprotected rule for the given path. backendValue and customNginxConfig are valid input values for no-auth policies. optsName should not be provided.

Auth

(auth) - Auth protected rule for the given path. optsName is required and opts configuration for the given optsName will be used for the authorization code flow when a session does not already exist. backendValue, customNginxConfig, and customLuaConfig are valid input values for auth policies.

JWT Verify

jwt-verify - JWT verification protected rule for the given path. optsName is required and the opts configuration for the given optsName will be used for JWT verification of a bearer token provided in the required Authorization request header. backendValue, customNginxConfig, and customLuaConfig are valid input values for auth policies.

Introspect

intropect - Introspection protected rule for the given path. optsName is required and the opts configuration for the given optsName will be used for introspection of a bearer token provided in the required Authorization request header. backendValue, customNginxConfig, and customLuaConfig are valid input values for auth policies.

Status

status - An enhanced jwt-verify policy for the purpose of protected communication from the admin to the worker nodes to get the status of each protected resource behind the worker node. The Health Dashboard in the admin application requires this policy to be created in either an application with a domain equal to the domain of worker nodes, or an application with a domain of default.

Validate Config

validate-config - An enhanced jwt-verify policy for the purpose of protected communication from the admin to the worker nodes to validate the configuration of the worker node. The Health Dashboard in the admin application requires this policy to be created in either an application with a domain equal to the domain of worker nodes, or an application with a domain f default, in order to display the validate config results.

Reload Worker

reload-worker - An enhanced jwt-verify policy for the purpose of protected communication from the admin to the worker nodes to reload the configuration of the worker node. Theadmin application requires this policy to be created in either an application with a domain equal to the domain of worker nodes, or an application with a domain of default.

Policy Path

policyPath  - Required for all custom policies. Represents a URI in an application. All policy paths must start with / and a path of / represents the root policy. 

Backend Value

backendValue - Defines where to proxy requests to a given policy to. Value can be a cluster name configured in the cluster management, a URL (e.g. a VIP, a single host, or another load balanced URL), or {protocol}://{cluster-name} to explicitly define the protocol to use to proxy to a configured cluster.

Opts Name

optsName - Enter the name of a set of options configurations you configured under IdP Options to be used for all policies other than the no-auth type.

Host Header

hostHeader - set the response host header

Custom Nginx Config

customNginxConfig - Add optional custom NGINX configuration at the policy level to support your specific environment needs.