Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class Duende.IdentityServer.Configuration.MutualTlsOptions
Assembly: Duende.IdentityServer
Inheritance: object → MutualTlsOptions
Options for Mutual TLS features
Properties
public
bool
Enabled
Specifies if MTLS support should be enabled
public
string
ClientCertificateAuthenticationScheme
Specifies the name of the authentication handler for X.509 client certificates
public
string
DomainName
Specifies a separate domain to run the MTLS endpoints on.
Remarks If the string does not contain any dots, it is treated as a
subdomain. For example, if the non-mTLS endpoints are hosted at
example.com, configuring this option with the value "mtls" means that
mtls is required for requests to mtls.example.com.
If the string contains dots, it is treated as a complete domain.
mTLS will be required for requests whose host name matches the
configured domain name completely, including the port number.
This allows for separate domains for the mTLS and non-mTLS endpoints.
For example, identity.example.com and mtls.example.com.
public
bool
AlwaysEmitConfirmationClaim
Specifies whether a cnf claim gets emitted for access tokens if a client certificate was present.
Normally the cnf claims only gets emitted if the client used the client certificate for authentication,
setting this to true, will set the claim regardless of the authentication method. (defaults to false).
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object