[BUG] API Management Inbound Processing authentication-certificate validation issue

Sam Best 20 Reputation points

I encountered an issue with the frontend validation of the authentication-certificate element in the Inbound Processing code editor.

Normally, when you use an invalid certificate-id property on the authentication-certificate element and try to save, it triggers a validation error:

One or more fields contain incorrect values:

  • Error in element 'authentication-certificate' on line 5, column 10: Certificate 'sdfsdf' could not be resolved.

However, the validation is not triggered for differences in casing (case insensitive). The issue here is that it appears that the actual usage of the policy is case sensitive and silently fails to include the certificate in the requests to the target API.

Should be easy to reproduce. Add a certificate to an APIM instance, e.g. "examplecertificate" and save an Inbound Processing policy with a different casing:

<authentication-certificate certificate-id="ExampleCertificate" />

Confirm that the client certificate is not sent with requests.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,942 questions
{count} votes

Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,271 Reputation points

    Sam Best I am able to reproduce this issue at my end. When saving certificate-id in the authentication-certificate policy, currently validation does allow certificate-id value to be saved in a case insensitive way. However, while executing the policy it fails with the below error (can be found in trace):

    User's image

    This is definitely a bug, and we will fix it in the upcoming releases. Thanks again for reporting this bug. Please let me know if you have any questions.

    If you found the answer to your question helpful, please take a moment to mark it as Yes for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful