Mutual-tls-by-proxy (Section)#
Path: /profiles/profile{id, type}/settings/authorization-server/dynamic-client-registration/non-templatized/mutual-tls-by-proxy
Allow mutual TLS to be terminated in a proxy instead of directly within the identity server
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| trusted-issuers | multi-value, leafref | optional | A list of client certificate issuers to trust with client registration.An empty list will mean all configured ssl client truststores. | |
| userid | string | optional | User ID credential that the proxy uses to authenticate using HTTP Basic authentication through a Proxy-Authorization header. | |
| password | non-empty-string | optional | Password credential that the proxy uses to authenticate using HTTP Basic authentication through a Proxy-Authorization header. | |
| client-certificate-http-header | non-empty-string | required | Name of the HTTP header that the proxy uses to include the PEM- or base64-encoded DER representation of the client certificate in the forwarded request. Must be set for mutual-tls by-proxy to work. |