Certificate
This authenticator expects a configured HTTP header containing a X509 Certificate formatted as PEM.
Configuration
Common Authenticator configuration can be found here.
certificate_header_name
Name of the headers containing the certificate.
N/A
missing_certificate_location
If the header contains no datat, where to redirect the client.
N/A
custom_identifier
When logging events, the custom_identifier lets you tag the event.
N/A
Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when starting, completing, and failing a transaction.
Event ids are:
- WEB_100013("Authentication using certificate completed") - IDENTIFIER (user trace id) 
- SOURCE_ADDRESS (ip address of device starting transaction) 
- CUSTOMER_IDENTIFIER (if configured) 
- SOURCE_USER_NAME (subject from the certificate) 
- MESSAGE (certificate serial) 
 
Data exposed to global state
After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:
- serial 
- subject 
- certificate 
API
This authenticator has no UI
