Authentication Policy Origins JWT - Internal vs Public Access

YangminZhu · January 9, 2020, 11:16pm

There are 2 options to solve this:

you can apply the JWT policy on your [3]Web-Interface but not on [1] Smoke-Detector-Service.
you can set the JWT policy with originIsOptional: true and use Istio Authorization policy to enforce different access control based on the source of the request. You can write an authorization policy that requires JWT token only if the request is coming from [3] Web-Interface.

Topic		Replies	Views
Deploy Two Istio Ingress Controller Networking	0	519	January 20, 2020
Istio UX improvements you'd like to see User Experience	1	861	November 29, 2019
Jwt origin auth on ingress for some hosts but not for others Security	5	1399	December 22, 2020
JWT and Authorization Security	7	1018	July 2, 2019
Clarification for istio authentication policy with origin and peer mtls authentication	4	971	July 2, 2019