Authenticate based on an HTTP header containing an x509 certificate. Note that certificate extraction must be done prior to executing this authenticator.


Name Description Default value Mandatory
successURL Where to send user agent afer successfull authentication N/A Yes
certificateheader The name of the header used where certificate resides N/A Yes
pipeID Id of the pipe validating the user N/A Yes
certificateExtractionUrl If data is missing in the request, where to send the client for certificate extraction. N/A No

Example Configuration

    "alias": "certauth",
    "name": "HeaderBasedCertificate",
    "configuration": {
        "successURL": "/config/",
        "certificateheader": "certificate",
        "pipeID": "authPipe",
        "certificateExtractionUrl" : "/config/authenticate/certauth"
    "id": "certauth"


Certificate extraction must have been done prior to executing this authenticator. This is often done by Apache or NGINX.