HeaderBasedCertificateSAML

Used when authentication is based on a X509 certificate. 

Fix for 3.0

 A problem in PAS requires that you replace the following file in:

Server\mods\com.phenixidentity~auth-http~3.0.0\com\phenixidentity\authentication\handler\saml

HeaderBasedCertificateSAML.class

Properties

Name Description Default value Mandatory
idpID The iternal identifier of the idp used N/A Yes
pipeID Id of the pipe used to issue the SAML assertion N/A Yes
certificateheader In which parameter will the certificate be in N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient No
certificateExtractionUrl If data is missing in the request, where to send the client for certificate extraction. N/A No

Example Configuration 

{
    "alias": "certificatesaml",
    "name": "HeaderBasedCertificateSAML",
    "configuration": {
        "idpID": "idp",
        "pipeID":"tokenPipe",
        "certificateheader":"myheader"
    }
}


Requirements

Some kind of web front handling certificate extraction and populating the data.