Authenticate based on an HTTP header containing an x509 certificate. Note that certificate extraction must be done prior to executing this authenticator.


Name Description Default value Mandatory
successURL Where to send user agent afer successfull authentication N/A Yes
certificateheader The name of the header used where certificate resides N/A Yes
certificateExtractionUrl If certificate is missing value, where to redirect client for certificate extraction N/A No
pipeID Id of the pipe validating the user N/A Yes

Example Configuration

    "alias": "certauth",
    "name": "HeaderBasedCertificate",
    "configuration": {
        "successURL": "/config/",
        "certificateheader": "certificate",
        "pipeID": "authPipe"
    "id": "certauth"


Certificate extraction must have been done prior to executing this authenticator. This is often done by Apache or NGINX.