Class NginxProxySslClientCertificateLookup

java.lang.Object
org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookup
org.keycloak.services.x509.NginxProxySslClientCertificateLookup
All Implemented Interfaces:
Provider, X509ClientCertificateLookup

public class NginxProxySslClientCertificateLookup extends AbstractClientCertificateFromHttpHeadersLookup
The NGINX provider extracts the end-user X.509 certificate sent during TLS mutual authentication and forwarded in an HTTP header. The NGINX configuration must contain:

    server {
        ...
        ssl_client_certificate path-to-my-trusted-cas-for-client-auth.pem;
        ssl_verify_client on|optional_no_ca;
        ssl_verify_depth 2;
        ...
        location / {
            ...
            proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
            ...
        }
    }

Note that $ssl_client_cert is deprecated; use only $ssl_client_escaped_cert with this implementation.
Since:
10/09/2018
Version:
$Revision: 1 $
Author:
Arnault MICHEL
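
Added example (not Keycloak or NGINX code): a Python sketch of what travels in the ssl-client-cert header configured above and how a backend can decode it, including the no-certificate case that optional_no_ca allows and rejection of the legacy $ssl_client_cert layout. All function names are hypothetical, the sample bytes are constructed and are not a real certificate, and quote(safe="") is assumed to approximate NGINX's escaping.

```python
import base64
import re
from urllib.parse import quote, unquote

# Constructed sample payload standing in for DER bytes (NOT a real certificate).
SAMPLE_DER = bytes(range(256))

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\n([A-Za-z0-9+/=\n]+)\n-----END CERTIFICATE-----\n?"
)

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def nginx_escaped(pem: str) -> str:
    """Assumed model of $ssl_client_escaped_cert: percent-encoded PEM, one line."""
    return quote(pem, safe="")

def nginx_legacy(pem: str) -> str:
    """Model of deprecated $ssl_client_cert: continuation lines start with a tab."""
    return pem.rstrip("\n").replace("\n", "\n\t")

def decode_header(value):
    """Return DER bytes from the header, None if no certificate was forwarded."""
    if not value:
        return None  # client sent no certificate (possible with optional_no_ca)
    pem = unquote(value)  # not unquote_plus: a literal '+' must never become a space
    match = PEM_RE.fullmatch(pem)
    if match is None:
        raise ValueError("header is not a percent-encoded PEM certificate")
    return base64.b64decode(match.group(1).replace("\n", ""), validate=True)

if __name__ == "__main__":
    header = nginx_escaped(to_pem(SAMPLE_DER))
    print(header[:60] + "...")            # single-line, header-safe value
    print(len(decode_header(header)), "bytes recovered")
    try:
        decode_header(nginx_legacy(to_pem(SAMPLE_DER)))
    except ValueError as exc:
        print("legacy format rejected:", exc)
```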