My IVE will mediate this traffic now, so I should create a virtual host"myserver.mycompany.com" so that when the user access the URL"myserver.mycompany.com/subpath-X/subpath-Y" he will be authorized based on yourCertificate Attributes, and then either redirected to"http:/myserver.local/subpath-X/subpath-Y".
I did not fully understand your requirements but for setting up something similar to what is described in above paragraph using certificate authentication you will have to do the following:
1. Set up a realm which uses a Certificate authentication server .
2. Ensure you have a resolvable name configured under Network > Hostname
3. Enable 'Browser request follow-through' under Role > Session Options
4. Set up Pass through proxy using virtual hostname options as shown in attached screenshot (myserver.mycompany.com should resolve to the SA)
Now when an end-user accesses https://myserver.mycompany.com/subpath-X/subpath-Y the user will get redirected to the sign-in page where certificate authentication will take place and then user will get redirected to backend via SA.