When using a service principal with certificate authentication, every time the certificate is renewed, the new certificate needs to be uploaded to the service principal's AAD app registration in order for authentication to continue to work.
However, a technology called "X5C" has made this unnecessary by allowing any certificate, with a specific subject, issued by a known, trusted, predetermined CA, to be used.
For this to work, the AAD app registration's manifest needs to be updated to reflect the subject name, and during authentication, the request for "X5C" authentication needs to be sent along with the certificate's signature.
When using a service principal with certificate authentication, every time the certificate is renewed, the new certificate needs to be uploaded to the service principal's AAD app registration in order for authentication to continue to work.
However, a technology called "X5C" has made this unnecessary by allowing any certificate, with a specific subject, issued by a known, trusted, predetermined CA, to be used.
For this to work, the AAD app registration's manifest needs to be updated to reflect the subject name, and during authentication, the request for "X5C" authentication needs to be sent along with the certificate's signature.
This change enables that to take place.