APIM Team,
In API Manager it seems like if we check the option to secure APIs using
Mutual TLS security AND OAuth2 security for APIs, API Manager checks if
either of the mechanisms are in place. There is no way to enforce both on
an API. There are good number of customers who want to enforce both
Also a related to question to this:
The latest version of IS supports service provider wise certificate
uploading for mutual TLS authentication and private key JWT authentication.
So I guess if APIM uses that feature internally to manage the mapping
between OAuth2 client and certificates, throttlin
On Tue, Mar 5, 2019 at 4:57 AM Johann Nallathamby wrote:
> APIM Team,
>
> In API Manager it seems like if we check the option to secure APIs using
> Mutual TLS security AND OAuth2 security for APIs, API Manager checks if
> either of the mechanisms are in place. There is no way to enforce both on
On Tue, Mar 5, 2019 at 5:56 PM Johann Nallathamby wrote:
> Also a related to question to this:
> The latest version of IS supports service provider wise certificate
> uploading for mutual TLS authentication and private key JWT authentication.
> So I guess if APIM uses that feature internally to m
