Mutual-tls-by-proxy (Section)#
Path: /profiles/profile/settings/authorization-server/dynamic-client-registration/non-templatized/mutual-tls-by-proxy
Allow mutual TLS to be terminated in a proxy instead of directly within the identity server
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| trusted-issuers | multi-value leafref → /base:facilities/base:crypto/base:ssl/base:client-truststore/base:client-certificate/base:id | optional | - | A list of client certificate issuers to trust with client registration.An empty list will mean all configured ssl client truststores. |
| userid | string | optional | - | User ID credential that the proxy uses to authenticate using HTTP Basic authentication through a Proxy-Authorization header. |
| password | string (length: 1..9223372036854775807) | optional | - | Password credential that the proxy uses to authenticate using HTTP Basic authentication through a Proxy-Authorization header. |
| client-certificate-http-header | string (length: 1..9223372036854775807) | required | - | Name of the HTTP header that the proxy uses to include the PEM- or base64-encoded DER representation of the client certificate in the forwarded request. Must be set for mutual-tls by-proxy to work. |