Client Certificate checking reverse proxy to web server
Hi, I'm attempting to configure our IVE to act as a reverse proxy for users to hit a webserver in our DMZ. I need a mechanism that will check for a user Client Certificate and then pass them (and the Cert headers) to the webserver. I'm not looking to necessarily authenticate the user at the IVE, just ask for the cert/pin and pass it to the webserver. Anyone know if this is possible? I've been looking at the ActiveSync configurations to try to get ideas for it, but am a little confused on the authorization only configuration.
Re: Client Certificate checking reverse proxy to web server
Can this be done? Yes Is it easy for mass deployment? It depends on your use case: if it is the same certificate for all users, upload that certificate and set the client authentication policy at Users>Resource Policies>Web>Client authentication. If, however, you need unique certificates for each user, it becomes more cumbersome as the number of users increases: each user needs their own role with their own client authentication policy to send their certificate through to the backend resource