diff --git a/src/acceptance/assets/file/policy/policy-with-configuration.json b/src/acceptance/assets/file/policy/policy-with-configuration.json
new file mode 100644
index 0000000000..94dcf15ae0
--- /dev/null
+++ b/src/acceptance/assets/file/policy/policy-with-configuration.json
@@ -0,0 +1,24 @@
+{
+ "configuration": {
+ "custom_metrics": {
+ "metric_submission_strategy": {
+ "allow_from": "bound_app"
+ }
+ }
+ },
+ "instance_max_count":4,
+ "instance_min_count":1,
+ "scaling_rules":[
+ {
+ "metric_type":"test_metric",
+ "threshold":500,
+ "operator":">",
+ "adjustment":"+1"
+ }, {
+ "metric_type":"test_metric",
+ "threshold":100,
+ "operator":"<",
+ "adjustment":"-1"
+ }
+ ]
+}
diff --git a/src/acceptance/broker/broker_test.go b/src/acceptance/broker/broker_test.go
index 9dffeceb3d..73d540caad 100644
--- a/src/acceptance/broker/broker_test.go
+++ b/src/acceptance/broker/broker_test.go
@@ -106,6 +106,19 @@ var _ = Describe("AutoScaler Service Broker", func() {
 instance.unbind(appName)
 })
+ It("binds&unbinds with configurations and policy", func() {
+ policyFile := "../assets/file/policy/policy-with-configuration.json"
+ policy, err := os.ReadFile(policyFile)
+ Expect(err).NotTo(HaveOccurred())
+
+ err = helpers.BindServiceToAppWithPolicy(cfg, appName, instance.name(), policyFile)
+ Expect(err).NotTo(HaveOccurred())
+
+ bindingParameters := helpers.GetServiceCredentialBindingParameters(cfg, instance.name(), appName)
+ Expect(bindingParameters).Should(MatchJSON(policy))
+
+ instance.unbind(appName)
+ })
 It("binds&unbinds with policy having credential-type as x509", func() {
 policyFile := "../assets/file/policy/policy-with-credential-type.json"
@@ -202,10 +215,6 @@ var _ = Describe("AutoScaler Service Broker", func() {
 instance.delete()
 })
 })
-
- Describe("check configuration binding object", func() {
- // TODO
- })
 })
 type ServicePlans []ServicePlan
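Review bot: In the new `It("binds&unbinds with configurations and policy", ...)` the `instance.unbind(appName)` call is the last statement, so a failed `Expect` earlier in the spec leaves the binding in place for the specs that follow, unless an `AfterEach` outside this hunk already removes it. If the suite runs on Ginkgo v2, registering the cleanup right after the bind succeeds, `DeferCleanup(func() { instance.unbind(appName) })`, keeps the spec independent of its own assertions. The neighbouring specs visible in the context lines end the same way, so the change may be better applied across the whole Describe.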
diff --git a/src/autoscaler/metricsforwarder/server/auth/custom_metrics_strategy.go b/src/autoscaler/metricsforwarder/server/auth/custom_metrics_strategy.go
index 55420a65d5..a4df128c04 100644
--- a/src/autoscaler/metricsforwarder/server/auth/custom_metrics_strategy.go
+++ b/src/autoscaler/metricsforwarder/server/auth/custom_metrics_strategy.go
@@ -25,21 +25,21 @@ func (d *DefaultMetricsSubmissionStrategy) validate(appId string, submitterAppId
 type BoundedMetricsSubmissionStrategy struct{}
-func (c *BoundedMetricsSubmissionStrategy) validate(appId string, submitterAppIdFromCert string, logger lager.Logger, bindingDB db.BindingDB, r *http.Request) error {
- if appId != submitterAppIdFromCert {
- return c.verifyMetricSubmissionStrategy(r, logger, bindingDB, submitterAppIdFromCert, appId)
+func (c *BoundedMetricsSubmissionStrategy) validate(appToScaleID string, submitterAppIdFromCert string, logger lager.Logger, bindingDB db.BindingDB, r *http.Request) error {
+ if appToScaleID != submitterAppIdFromCert {
+ return c.verifyMetricSubmissionStrategy(r, logger, bindingDB, submitterAppIdFromCert, appToScaleID)
 }
 return nil
 }
-func (c *BoundedMetricsSubmissionStrategy) verifyMetricSubmissionStrategy(r *http.Request, logger lager.Logger, bindingDB db.BindingDB, submitterAppCert string, appID string) error {
- isAppBound, err := bindingDB.IsAppBoundToSameAutoscaler(r.Context(), submitterAppCert, appID)
+func (c *BoundedMetricsSubmissionStrategy) verifyMetricSubmissionStrategy(r *http.Request, logger lager.Logger, bindingDB db.BindingDB, submitterAppIDFromCert string, appToScaleID string) error {
+ isAppBound, err := bindingDB.IsAppBoundToSameAutoscaler(r.Context(), submitterAppIDFromCert, appToScaleID)
 if err != nil {
- logger.Error("error-checking-app-bound-to-same-service", err, lager.Data{"metric-submitter-app-id": submitterAppCert})
+ logger.Error("error-checking-app-bound-to-same-service", err, lager.Data{"metric-submitter-app-id": submitterAppIDFromCert})
 return err
 }
 if !isAppBound {
- logger.Info("app-not-bound-to-same-service", lager.Data{"app-id": submitterAppCert})
+ logger.Info("app-not-bound-to-same-service", lager.Data{"app-id": submitterAppIDFromCert})
 return ErrorAppNotBound
 }
 return nil
diff --git a/src/autoscaler/metricsforwarder/server/auth/xfcc_auth.go b/src/autoscaler/metricsforwarder/server/auth/xfcc_auth.go
index 6fcb3b889f..994d1151f9 100644
--- a/src/autoscaler/metricsforwarder/server/auth/xfcc_auth.go
+++ b/src/autoscaler/metricsforwarder/server/auth/xfcc_auth.go
@@ -18,7 +18,7 @@ var ErrorNoAppIDFound = errors.New("certificate does not contain an app id")
 var ErrorAppIDWrong = errors.New("app is not allowed to send metrics due to invalid app id in certificate")
 var ErrorAppNotBound = errors.New("application is not bound to the same service instance")
-func (a *Auth) XFCCAuth(r *http.Request, bindingDB db.BindingDB, appID string) error {
+func (a *Auth) XFCCAuth(r *http.Request, bindingDB db.BindingDB, appToScaleID string) error {
 xfccHeader := r.Header.Get("X-Forwarded-Client-Cert")
 if xfccHeader == "" {
 return ErrXFCCHeaderNotFound
@@ -34,32 +34,28 @@ func (a *Auth) XFCCAuth(r *http.Request, bindingDB db.BindingDB, appID string) e
 return fmt.Errorf("failed to parse certificate: %w", err)
 }
- submitterAppCert := readAppIdFromCert(cert)
+ submitterAppIDFromCert := readAppIdFromCert(cert)
- if len(submitterAppCert) == 0 {
+ if len(submitterAppIDFromCert) == 0 {
 return ErrorNoAppIDFound
 }
- // appID = custom metrics producer
- // submitterAppCert = app id in certificate
- // Case 1 : custom metrics can only be published by the app itself
- // Case 2 : custom metrics can be published by any app bound to the same autoscaler instance
- // In short, if the requester is not same as the scaling app
- if appID != submitterAppCert {
+ // Case: Submitting app is not the same as the app to scale
+ if appToScaleID != submitterAppIDFromCert {
 var metricSubmissionStrategy MetricsSubmissionStrategy
- customMetricSubmissionStrategy, err := bindingDB.GetCustomMetricStrategyByAppId(r.Context(), appID)
+ customMetricSubmissionStrategy, err := bindingDB.GetCustomMetricStrategyByAppId(r.Context(), appToScaleID)
 if err != nil {
- a.logger.Error("failed-to-get-custom-metric-strategy", err, lager.Data{"appID": appID})
+ a.logger.Error("failed-to-get-custom-metric-strategy", err, lager.Data{"appToScaleID": appToScaleID})
 return err
 }
- a.logger.Info("custom-metrics-submission-strategy", lager.Data{"appID": appID, "submitterAppCert": submitterAppCert, "strategy": customMetricSubmissionStrategy})
+ a.logger.Info("custom-metrics-submission-strategy", lager.Data{"appToScaleID": appToScaleID, "submitterAppIDFromCert": submitterAppIDFromCert, "strategy": customMetricSubmissionStrategy})
 if customMetricSubmissionStrategy == models.CustomMetricsBoundApp {
 metricSubmissionStrategy = &BoundedMetricsSubmissionStrategy{}
 } else {
 metricSubmissionStrategy = &DefaultMetricsSubmissionStrategy{}
 }
- err = metricSubmissionStrategy.validate(appID, submitterAppCert, a.logger, bindingDB, r)
+ err = metricSubmissionStrategy.validate(appToScaleID, submitterAppIDFromCert, a.logger, bindingDB, r)
 if err != nil {
 return err
 }
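Review bot: The replacement comment above `if appToScaleID != submitterAppIDFromCert` no longer says which submitters are accepted, although this branch is the authorization decision for a certificate whose app id differs from the app being scaled. I would keep a short statement of the policy there, for example `// Submitter differs from the app to scale: accepted only when the app's strategy is models.CustomMetricsBoundApp and the binding check passes; any other strategy value uses DefaultMetricsSubmissionStrategy.` The `else` branch does select the default strategy for every other value, including an empty or unknown one, but what that strategy's `validate` returns for a differing submitter is not visible in this hunk, so the wording should be confirmed against it. XFCCAuth begins before this hunk and continues after it.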