Make client certificates optional for tls mutual authentication
We have a set of services that need to be able to support both client certificate authentication and AAD JWT authentication.
The current behavior either makes the certificate mandatory which doesn't work for us as the same routes/apis need to support the AAD jwt token auth, or nothing at all.
Making the certificate mandatory per route is also not useful as the same route needs to support both.
Peter Butzhammer commented
This would be a great feature. One scenario is to allow a website to be either used by users (with interactive AAD workflow) or be used as a dashboard, displayed on a big screen (with certificate and without user interaction).
Any update on this? this is a blocking issue