Endpoint configuration
Basic configuration
The basic configuration sets the allowed hosts for all protocols, using the horizon-config utility in RPM mode and the ALLOWED_HOSTS Helm parameters.
Advanced configuration
Endpoints can be configured to only allow certain capabilities using the horizon.endpoints config parameter.
The format is the following:
horizon.endpoints = [{
  # Hostname to allow
  host = "host.evertrust"
  # Allow configuration endpoints - default: false
  configuration = true
  # Allow event endpoints - default: false
  events = true
  # Allow discovery feed endpoints - default: false
  discovery = true
  # Allow WebRA endpoints - default: false
  webra = true
  # Allow WCCE endpoints - default: false
  wcce = true
  # Allow ACME endpoints - default: false
  acme = true
  # Allow EST endpoints - default: false
  est = true
  # Allow SCEP endpoints - default: false
  scep = true
  # Allow SCIM endpoints - default: false
  scim = true
  # Allow JAMF and Intune endpoints - default: false
  mdm = true
}, ...]
When horizon.endpoints is set, the hosts allowed with basic configuration are ignored.
The following sections list each route that is authorized by the above capabilities.
EST
GET /.well-known/est/:profile/cacerts
POST /.well-known/est/:profile/simpleenroll
POST /.well-known/est/:profile/simplereenroll
SCEP
GET /certsrv/:profile/mscep_admin
GET /certsrv/:profile/mscep_admin/*restUri
GET /certsrv/:profile/mscep
POST /certsrv/:profile/mscep
GET /certsrv/:profile/mscep/*restUri
POST /certsrv/:profile/mscep/*restUri
GET /certSrv/:profile/mscep_admin
GET /certSrv/:profile/mscep_admin/*restUri
GET /certSrv/:profile/mscep
POST /certSrv/:profile/mscep
GET /certSrv/:profile/mscep/*restUri
POST /certSrv/:profile/mscep/*restUri
GET /scep/:profile/pkiclient.exe
POST /scep/:profile/pkiclient.exe
MDM
GET /intune/:profile/pkiclient.exe
GET /jamf/:profile/mscep_admin
GET /jamf/:profile/mscep_admin/*restUri
GET /jamf/:profile/mscep
POST /jamf/:profile/mscep
GET /jamf/:profile/mscep/*restUri
POST /jamf/:profile/mscep/*restUri
ACME
GET /acme/:profile/directory
GET /acme/:profile/new-nonce
HEAD /acme/:profile/new-nonce
POST /acme/:profile/new-acct
POST /acme/acct/:profile/:accountId
POST /acme/:profile/key-change
POST /acme/:profile/new-order
GET /acme/acct/:profile/:accountId/order/:orderId/finalize
GET /acme/order/:profile/:orderId
POST /acme/order/:profile/:orderId
POST /acme/acct/:profile/:accountId/order/:orderId/finalize
GET /acme/acct/:profile/:accountId/orders
POST /acme/acct/:profile/:accountId/orders
POST /acme/acct/:profile/:accountId/*restUri
GET /acme/authz/:profile/:id
POST /acme/authz/:profile/:id
POST /acme/authz/:profile/:id/:challengeType
GET /acme/authz/:profile/:id/:challengeType
GET /acme/cert/:profile/:orderId
POST /acme/cert/:profile/:orderId
POST /acme/:profile/revoke-cert
WEBRA
GET /api/v1/certificates/$id<[0-9a-fA-F]{24}>
GET /api/v1/certificates/:pem
POST /api/v1/certificates/
POST /api/v1/certificates/aggregate
POST /api/v1/certificates/csv
POST /api/v1/certificates/search
GET /api/v1/certificates/search/dictionary
PATCH /api/v1/certificates/run/$id<[0-9a-fA-F]{24}>/:triggerName/:event
GET /api/v1/licenses/modules
POST /api/v1/requests/aggregate
POST /api/v1/requests/approve
POST /api/v1/requests/cancel
POST /api/v1/requests/csv
POST /api/v1/requests/deny
GET /api/v1/requests/profiles
POST /api/v1/requests/search
POST /api/v1/requests/submit
POST /api/v1/requests/template
GET /api/v1/requests/:id
GET /api/v1/requests/search/dictionary
GET /api/v1/rfc5280/crl/:pem
POST /api/v1/rfc5280/crl
GET /api/v1/rfc5280/pkcs10/:pem
POST /api/v1/rfc5280/pkcs10
POST /api/v1/rfc5280/pkcs12
GET /api/v1/rfc5280/x509/:pem
POST /api/v1/rfc5280/x509
GET /api/v1/rfc5280/tc/:pem
POST /api/v1/rfc5280/tc
POST /api/v1/crypto/detect
GET /api/v1/openssh/:base64
POST /api/v1/openssh/
GET /api/v1/rfc3161/:base64
POST /api/v1/rfc3161/
GET /api/v1/rfc6960/:base64
POST /api/v1/rfc6960/
PATCH /api/v1/security/identity/locals/
POST /api/v1/security/identity/locals/password
GET /api/v1/security/identity/locals/password/:identifier
GET /api/v1/security/identity/providers/dynamic/enabled
GET /api/v1/security/passwordpolicies/:name/generate
GET /api/v1/security/principals/self
GET /api/v1/security/principals/authenticate
GET /api/v1/security/principals/logout
GET /api/v1/security/principals/queries
GET /api/v1/security/principals/queries/:name
POST /api/v1/security/principals/queries
DELETE /api/v1/security/principals/queries/:name
GET /api/v1/security/principals/dashboards
GET /api/v1/security/principals/dashboards/:name
POST /api/v1/security/principals/dashboards
PUT /api/v1/security/principals/dashboards
DELETE /api/v1/security/principals/dashboards/:name
POST /api/v1/security/principals/preferences
GET /api/v1/security/principals/dictionary
GET /api/v1/trustchains/
GET /api/v1/trustchains/:anchor
GET /api/v1/ui/
GET /api/v1/endpoints/
EVENTS
POST /api/v1/discovery/events/search
POST /api/v1/discovery/events/csv
GET /api/v1/discovery/events/:id
GET /api/v1/discovery/events/search/dictionary
GET /api/v1/events/integrity/run
GET /api/v1/events/integrity/
POST /api/v1/events/search
POST /api/v1/events/csv
GET /api/v1/events/:id
GET /api/v1/events/search/dictionary
GET /api/v1/licenses/modules
GET /api/v1/rfc5280/crl/:pem
POST /api/v1/rfc5280/crl
GET /api/v1/rfc5280/pkcs10/:pem
POST /api/v1/rfc5280/pkcs10
POST /api/v1/rfc5280/pkcs12
GET /api/v1/rfc5280/x509/:pem
POST /api/v1/rfc5280/x509
GET /api/v1/rfc5280/tc/:pem
POST /api/v1/rfc5280/tc
POST /api/v1/crypto/detect
GET /api/v1/openssh/:base64
POST /api/v1/openssh/
GET /api/v1/rfc3161/:base64
POST /api/v1/rfc3161/
GET /api/v1/rfc6960/:base64
POST /api/v1/rfc6960/
PATCH /api/v1/security/identity/locals/
POST /api/v1/security/identity/locals/password
GET /api/v1/security/identity/locals/password/:identifier
GET /api/v1/security/identity/providers/dynamic/enabled
GET /api/v1/security/passwordpolicies/:name/generate
GET /api/v1/security/principals/self
GET /api/v1/security/principals/authenticate
GET /api/v1/security/principals/logout
GET /api/v1/security/principals/queries
GET /api/v1/security/principals/queries/:name
POST /api/v1/security/principals/queries
DELETE /api/v1/security/principals/queries/:name
POST /api/v1/security/principals/preferences
GET /api/v1/security/principals/dictionary
GET /api/v1/ui/
GET /api/v1/endpoints/
CONFIGURATION
GET /api/v1/adoc/
GET /api/v1/automation/executions/
GET /api/v1/automation/executions/:name
POST /api/v1/automation/executions/
PUT /api/v1/automation/executions/
DELETE /api/v1/automation/executions/:name
GET /api/v1/automation/policies/
GET /api/v1/automation/policies/:name
POST /api/v1/automation/policies/
PUT /api/v1/automation/policies/
DELETE /api/v1/automation/policies/:name
GET /api/v1/cas/
GET /api/v1/cas/:name
POST /api/v1/cas/
PUT /api/v1/cas/
DELETE /api/v1/cas/:name
GET /api/v1/caches/crls
GET /api/v1/caches/crls/:ca
GET /api/v1/certificate/grading/policies/
GET /api/v1/certificate/grading/policies/:name
GET /api/v1/certificate/grading/policies/:policy/explain/:input
POST /api/v1/certificate/grading/policies/:policy/explain
GET /api/v1/certificate/grading/policies/:policy/run
GET /api/v1/certificate/grading/rulesets/
GET /api/v1/certificate/grading/rulesets/:name
GET /api/v1/certificate/grading/rulesets/:ruleset/explain/:input
POST /api/v1/certificate/grading/rulesets/:ruleset/explain
GET /api/v1/certificate/labels/
GET /api/v1/certificate/labels/:name
POST /api/v1/certificate/labels/
PUT /api/v1/certificate/labels/
DELETE /api/v1/certificate/labels/:name
GET /api/v1/certificate/profiles/
GET /api/v1/certificate/profiles/:name
POST /api/v1/certificate/profiles/
PUT /api/v1/certificate/profiles/
DELETE /api/v1/certificate/profiles/:name
GET /api/v1/datasources/
GET /api/v1/datasources/:name
POST /api/v1/datasources/
PUT /api/v1/datasources/
DELETE /api/v1/datasources/:name
PATCH /api/v1/datasources/
POST /api/v1/datasource/flows/
POST /api/v1/datasource/flows/template
POST /api/v1/templatestring/playground
GET /api/v1/discovery/campaigns/
GET /api/v1/discovery/campaigns/:name
POST /api/v1/discovery/campaigns/
PUT /api/v1/discovery/campaigns/
DELETE /api/v1/discovery/campaigns/:name
PATCH /api/v1/discovery/campaigns/:name
GET /api/v1/licenses/modules
GET /api/v1/pki/queues/
GET /api/v1/pki/queues/:name
POST /api/v1/pki/queues/
PUT /api/v1/pki/queues/
DELETE /api/v1/pki/queues/:name
GET /api/v1/pki/connectors/
GET /api/v1/pki/connectors/:name
POST /api/v1/pki/connectors/
PUT /api/v1/pki/connectors/
DELETE /api/v1/pki/connectors/:name
PATCH /api/v1/pki/connectors/connect
PATCH /api/v1/pki/connectors/materials
GET /api/v1/proxy/httpproxies/
GET /api/v1/proxy/httpproxies/:name
POST /api/v1/proxy/httpproxies/
PUT /api/v1/proxy/httpproxies/
DELETE /api/v1/proxy/httpproxies/:name
GET /api/v1/rfc5280/crl/:pem
POST /api/v1/rfc5280/crl
GET /api/v1/rfc5280/pkcs10/:pem
POST /api/v1/rfc5280/pkcs10
POST /api/v1/rfc5280/pkcs12
GET /api/v1/rfc5280/x509/:pem
POST /api/v1/rfc5280/x509
GET /api/v1/rfc5280/tc/:pem
POST /api/v1/rfc5280/tc
POST /api/v1/crypto/detect
GET /api/v1/openssh/:base64
POST /api/v1/openssh/
GET /api/v1/rfc3161/:base64
POST /api/v1/rfc3161/
GET /api/v1/rfc6960/:base64
POST /api/v1/rfc6960/
GET /api/v1/security/identity/locals/
GET /api/v1/security/identity/locals/:identifier
POST /api/v1/security/identity/locals/
PUT /api/v1/security/identity/locals/
DELETE /api/v1/security/identity/locals/:identifier
PATCH /api/v1/security/identity/locals/
POST /api/v1/security/identity/locals/password
GET /api/v1/security/identity/locals/password/:identifier
GET /api/v1/security/identity/providers/
GET /api/v1/security/identity/providers/:name
POST /api/v1/security/identity/providers/
PUT /api/v1/security/identity/providers/
DELETE /api/v1/security/identity/providers/:name
GET /api/v1/security/identity/providers/dynamic/enabled
POST /api/v1/security/identity/providers/search
GET /api/v1/security/passwordpolicies/
GET /api/v1/security/passwordpolicies/:name
GET /api/v1/security/passwordpolicies/:name/generate
POST /api/v1/security/passwordpolicies/
PUT /api/v1/security/passwordpolicies/
DELETE /api/v1/security/passwordpolicies/:name
GET /api/v1/security/principals/self
GET /api/v1/security/principals/authenticate
GET /api/v1/security/principals/logout
GET /api/v1/security/principals/queries
GET /api/v1/security/principals/queries/:name
POST /api/v1/security/principals/queries
DELETE /api/v1/security/principals/queries/:name
POST /api/v1/security/principals/preferences
GET /api/v1/security/principals/dictionary
GET /api/v1/security/principalinfos/:identifier
POST /api/v1/security/principalinfos/
PUT /api/v1/security/principalinfos/
DELETE /api/v1/security/principalinfos/:identifier
POST /api/v1/security/principalinfos/search
GET /api/v1/security/roles/
GET /api/v1/security/roles/:name
POST /api/v1/security/roles/
PUT /api/v1/security/roles/
DELETE /api/v1/security/roles/:name
GET /api/v1/security/teams/
GET /api/v1/security/teams/:name
POST /api/v1/security/teams/
PUT /api/v1/security/teams/
DELETE /api/v1/security/teams/:name
PATCH /api/v1/security/teams/:previousTeam/:newTeam
GET /api/v1/security/credentials/
GET /api/v1/security/credentials/:name
POST /api/v1/security/credentials/
PUT /api/v1/security/credentials/
DELETE /api/v1/security/credentials/:name
GET /api/v1/scheduler/tasks/
GET /api/v1/scheduler/tasks/:id/run
GET /api/v1/scheduler/tasks/:id
POST /api/v1/scheduler/tasks/
PUT /api/v1/scheduler/tasks/
DELETE /api/v1/scheduler/tasks/:id
GET /api/v1/thirdparty/connectors/
GET /api/v1/thirdparty/connectors/:name
POST /api/v1/thirdparty/connectors/
PUT /api/v1/thirdparty/connectors/
DELETE /api/v1/thirdparty/connectors/:name
GET /api/v1/triggers/
GET /api/v1/triggers/:name
POST /api/v1/triggers/
PUT /api/v1/triggers/
DELETE /api/v1/triggers/:name
PATCH /api/v1/triggers/
GET /api/v1/security/scim/profiles/
GET /api/v1/security/scim/profiles/:name
PUT /api/v1/security/scim/profiles/
DELETE /api/v1/security/scim/profiles/:name
POST /api/v1/security/scim/profiles/
GET /api/v1/wcce/forests
GET /api/v1/wcce/forests/:name
POST /api/v1/wcce/forests
PUT /api/v1/wcce/forests
DELETE /api/v1/wcce/forests/:name
GET /api/v1/system/configuration/
GET /api/v1/system/configuration/:type
PUT /api/v1/system/configuration/
GET /api/v1/ui/
POST /api/v1/ui/cr/format
GET /api/v1/endpoints/
SCIM
GET /security/scim/:scimProfile/ServiceProviderConfig
GET /security/scim/:scimProfile/ResourceTypes
GET /security/scim/:scimProfile/Users
GET /security/scim/:scimProfile/Users/:identifier
POST /security/scim/:scimProfile/Users
PATCH /security/scim/:scimProfile/Users/:userName
PUT /security/scim/:scimProfile/Users/:identifier
DELETE /security/scim/:scimProfile/Users/:identifier
GET /security/scim/:scimProfile/Groups/:groupName
GET /security/scim/:scimProfile/Groups
PATCH /security/scim/:scimProfileName/Groups/:GroupName
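
An added example, not part of the Horizon documentation or product code: an offline check that maps logged requests to the capabilities listed above and reports those that no capability enabled on the receiving host authorizes. It assumes `:name` matches one path segment and `*restUri` the rest of the path; the `ROUTES` table is a subset of the listings above, and the hostnames and requests are constructed.

```python
import re

# Subset of the routes listed above, keyed by capability; extend with the rest.
ROUTES = {
    "est": ["GET /.well-known/est/:profile/cacerts",
            "POST /.well-known/est/:profile/simpleenroll"],
    "scep": ["POST /scep/:profile/pkiclient.exe",
             "POST /certsrv/:profile/mscep/*restUri"],
    "acme": ["GET /acme/:profile/directory",
             "POST /acme/:profile/new-order"],
    "webra": ["POST /api/v1/requests/submit", "GET /api/v1/licenses/modules"],
    "configuration": ["GET /api/v1/cas/", "DELETE /api/v1/cas/:name",
                      "GET /api/v1/licenses/modules"],
}

def compile_route(route):
    """Turn 'METHOD /a/:param/*rest' into (method, compiled regex)."""
    method, path = route.split(" ", 1)
    segs = []
    for seg in path.split("/"):
        if seg.startswith(":"):
            segs.append("[^/]+")        # assumption: :param is one segment
        elif seg.startswith("*"):
            segs.append(".+")           # assumption: *restUri is the remainder
        else:
            segs.append(re.escape(seg))
    return method, re.compile("/".join(segs))

COMPILED = [(cap, *compile_route(r)) for cap, rs in ROUTES.items() for r in rs]

def capabilities_for(method, path):
    """Capabilities whose route list contains this request (may be several)."""
    return {cap for cap, m, rx in COMPILED if m == method and rx.fullmatch(path)}

def audit(endpoints, requests):
    """Return requests that no capability enabled on their host authorizes."""
    enabled = {e["host"]: {k for k, v in e.items() if v is True} for e in endpoints}
    return [(host, method, path, sorted(capabilities_for(method, path)))
            for host, method, path in requests
            if not capabilities_for(method, path) & enabled.get(host, set())]

# Constructed sample: hostnames and requests are made up for this example.
ENDPOINTS = [{"host": "enroll.example.test", "acme": True, "est": True},
             {"host": "admin.example.test", "configuration": True}]
REQUESTS = [("enroll.example.test", "GET", "/acme/web/directory"),
            ("enroll.example.test", "DELETE", "/api/v1/cas/issuing"),
            ("admin.example.test", "GET", "/api/v1/licenses/modules"),
            ("admin.example.test", "POST", "/api/v1/requests/submit")]

if __name__ == "__main__":
    for finding in audit(ENDPOINTS, REQUESTS):
        print(finding)
```

Routes such as `GET /api/v1/licenses/modules` appear under several capabilities, so a request is only reported when none of the capabilities that list it is enabled on that host.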