Older version2.7 AuthenticatorsSAMLHeaderBasedCertificateSAML


Used when authentication is based on a X509 certificate. 


Name Description Default value Mandatory
idpID The iternal identifier of the idp used N/A Yes
pipeID Id of the pipe used to issue the SAML assertion N/A Yes
certificateheader In which parameter will the certificate be in N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient No
certificateExtractionUrl If data is missing in the request, where to send the client for certificate extraction. N/A No

Example Configuration

    "alias": "certificatesaml",
    "name": "HeaderBasedCertificateSAML",
    "configuration": {
        "idpID": "idp",


Some kind of web front handling certificate extraction and populating the data.