Request Authentication
Request authentication in a service mesh can be used for source authentication. Request authentication authenticates that the access token in a request header is trusted and authorizes the request from a valid source. In request authentication, Selector is used to select the target workload, and jwtRules describes authentication rules to define how to match authentication information on a JSON Web Token (JWT).
Creating a Request Authentication Policy
Create a request authentication policy using YAML.
- Log in to the UCS console. In the navigation pane, choose Service Meshes.
- Click the name of the target service mesh to go to its details page.
- In the navigation pane, choose Service Security > Request Authentication.
- Click Create from YAML in the upper right corner.
- Validate the authentication information in the request for accessing a service in the namespace.
apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication # Set the service security type to request authentication. metadata: name: forecast # Name the request authentication policy. namespace: weather # Set the namespace to weather. spec: selector: matchLabels: app: forecast # Add a label key-value pair. jwtRules: - issuer: "weather@cloudnative-istio.book " jwksUri: https://cloudnative-istio.book/jwks-demo/jwks
Update a Request Authentication Policy
- Log in to the UCS console. In the navigation pane, choose Service Meshes.
- Click the name of the target service mesh to go to its details page.
- In the navigation pane, choose Service Security > Request Authentication.
- Locate the authentication policy to be updated and click Edit YAML in the Operation column.
Deleting a Request Authentication Policy

Deleted request authentication policies cannot be recovered. Deleting a request authentication policy will not affect the running of associated services.
- Log in to the UCS console. In the navigation pane, choose Service Meshes.
- Click the name of the target service mesh to go to its details page.
- In the navigation pane, choose Service Security > Request Authentication.
- Locate the request authentication policy to be deleted and click Delete in the Operation column.
- In the dialog box displayed, click Yes.
Case
Perform request authentication on custom attributes in a token.
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: detailed-jwt spec: action: ALLOW rules: - from: - source: requestPrincipals: ["weather@cloudnative-istio.book/weather"] when: - key: request.auth.claims[role] values: ["editor"]
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot