
Add mTLS PoP Copilot skill (certificate, MSI, FIC) #3872

Merged
gladjohn merged 3 commits into master from gladjohn/mtls-pop-skill, Jun 17, 2026

@gladjohn

Contributor

Summary

Adds a new Copilot skill for mTLS Proof-of-Possession covering all three credential types:

  1. Certificate - app's own cert for client auth + PoP binding
  2. Pure MSI - binding cert from IMDS v2 (VM/VMSS only)
  3. FIC - managed identity signed assertion as client credential

Files

  • SKILL.md - full guidance doc with config snippets, troubleshooting, and architecture
  • MtlsPopWithCertificateCredential.cs - reference for cert-based mTLS PoP
  • MtlsPopWithManagedIdentity.cs - reference for pure MSI mTLS PoP
  • MtlsPopWithFederatedIdentity.cs - reference for FIC mTLS PoP
  • Updated README.md skills table

Key points covered

  • ProtocolScheme MTLS_POP configuration per credential type
  • AKV-specific ExtraHeaderParameters (x-ms-tokenboundauth: true)
  • Sovereign cloud DNS suffixes and scopes
  • Why only AKV needs the extra header (TLS renegotiation vs initial handshake)
  • Troubleshooting table for common 401 errors

Adds a Copilot skill covering mTLS Proof-of-Possession configuration with
three credential types: certificate, pure managed identity, and federated
identity credentials. Includes AKV-specific ExtraHeaderParameters guidance.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gladjohn gladjohn requested a review from a team as a code owner June 17, 2026 14:30
gladjohn and others added 2 commits June 17, 2026 07:31
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gladjohn gladjohn merged commit a6342c5 into master Jun 17, 2026
4 checks passed
@gladjohn gladjohn deleted the gladjohn/mtls-pop-skill branch June 17, 2026 15:35
This was referenced Jun 24, 2026
This was referenced Jun 25, 2026