From e97f4fc850b0460b66e467d7baa8f4ced9850779 Mon Sep 17 00:00:00 2001 From: Venktesh Date: Tue, 30 Sep 2025 16:29:09 +0100 Subject: [PATCH] add docs for sslVerify in JWT policy --- content/nic/configuration/policy-resource.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/nic/configuration/policy-resource.md b/content/nic/configuration/policy-resource.md index 8efcc0064..d803f4207 100644 --- a/content/nic/configuration/policy-resource.md +++ b/content/nic/configuration/policy-resource.md @@ -456,6 +456,9 @@ This feature is implemented using the NGINX Plus directive [auth_jwt_key_request |``token`` | The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the ``Authorization`` header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: ``$cookie_auth_token``. Accepted variables are ``$http_``, ``$arg_``, ``$cookie_``. | ``string`` | No | -- | |``sniEnabled`` | Enables SNI (Server Name Indication) for the JWT policy. This is useful when the remote server requires SNI to serve the correct certificate. | ``bool`` | No | `false` | |``sniName`` | The SNI name to use when connecting to the remote server. If not set, the hostname from the ``jwksURI`` will be used. | ``string`` | No | -- | +|``sslVerify`` | Enables verification of the JWKS server SSL certificate. | ``bool`` | No | `false` | +|``sslVerifyDepth`` | Sets the verification depth in the JWKS server certificates chain. | ``int`` | No | `1` | +|``trustedCertSecret`` | The name of the Kubernetes secret that stores the CA certificate for JWKS server verification. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/ca``, and the certificate must be stored in the secret under the key ``ca.crt``. | ``string`` | No | -- | {{% /table %}} {{< call-out "note" >}}
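Review bot: The new ``sslVerify`` row gives a default of `false` but does not say what that means for the policy: as documented, the default leaves the JWKS server certificate unverified, so the keys used to validate JWTs come from a server whose identity is not checked. Suggest saying so in the description and recommending ``sslVerify`` set to `true` together with ``trustedCertSecret`` when the ``jwksURI`` is served over HTTPS. The three added rows also leave their interaction undocumented: state whether ``sslVerifyDepth`` and ``trustedCertSecret`` have any effect while ``sslVerify`` is `false`, and which CA certificates are used when ``sslVerify`` is `true` and ``trustedCertSecret`` is not set, since the secret is marked as not required and has no default. It would also help to say which name the certificate is checked against when ``sniName`` differs from the hostname in ``jwksURI``.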