Hi Gayan,

During SSL termination, the load balancer will drop the client's
certificate.  From the load balancer, you can send the client's
certificate as an HTTP header.  The x509 authenticator in IS already supports SSL
termination. You can check the blog [1] and the doc [2] for the configs.

[1]
https://medium.com/@piraveenaparalogarajah/configuring-x509-authenticator-in-wso2-identity-server-using-ssl-termination-with-nginx-1c21c6e5f27a
[2]
https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509+Authenticator+with+SSL+Termination

Thanks,
Piraveena
*Piraveena Paralogarajah*
Software Engineer | WSO2 Inc.
*(m)* +94776099594 | *(e)* pirave...@wso2.com



On Wed, Sep 25, 2019 at 11:47 AM gayan gunawardana <gmgunaward...@gmail.com>
wrote:

>
>
> On Wed, Sep 25, 2019 at 6:49 AM Asela Pathberiya <as...@wso2.com> wrote:
>
>>
>>
>> On Wed, Sep 25, 2019 at 10:47 AM gayan gunawardana <
>> gmgunaward...@gmail.com> wrote:
>>
>>> Hi APIM team,
>>>
>>> Is there any recommended deployment pattern to implement [1] if SSL
>>> termination happens at the load balancer?
>>>
>>
>> One option is sending the client certificate's data using an HTTP
>> header.  Also, it can be done at the SSL termination point, as it has access
>> to the client certificate.
>>
>> I assume that we have implemented such a sample handler for the GW.
>>
> Thanks a lot for the quick reply.
> I suppose sending the client certificate's data using an HTTP header is much
> more convenient.
> Having it on the SSL termination point is also a good option, but the problem
> is, when we have multiple APIs with multiple certificates, how to maintain
> the API to certificate mapping at the SSL termination point.
>
>>
>> Thanks,
>> Asela.
>>
>>
>>>
>>> [1] https://docs.wso2.com/display/AM260/Securing+APIs+with+Mutual+SSL
>>>
>>> --
>>> Gayan
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> Mobile : +94 777 625 933
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
> --
> Gayan
>
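
An added example, not part of the thread and not WSO2 code: a backend-side check for the header-forwarding pattern discussed above, which accepts the certificate header only from the load balancer and keeps the API to certificate mapping at the backend. The header name `X-SSL-CERT`, the URL-encoded PEM encoding, the load balancer address, the API paths and the function names are all assumptions.

```python
import base64
import hashlib
import ipaddress
from urllib.parse import quote, unquote

CERT_HEADER = "X-SSL-CERT"                                # assumed header name
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]   # assumed LB address
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def fingerprint_from_header(value: str) -> str:
    """SHA-256 of the DER bytes carried as URL-encoded PEM in the header."""
    lines = unquote(value).strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("header does not contain a PEM certificate")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    return hashlib.sha256(der).hexdigest()


def authorize(peer_ip: str, headers: dict, api: str, api_certs: dict) -> bool:
    """Trust the header only from the load balancer, then check the API's mapping."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False          # header may have been set by the caller itself
    value = headers.get(CERT_HEADER)
    if not value:
        return False          # no client certificate reached the load balancer
    try:
        fp = fingerprint_from_header(value)
    except ValueError:
        return False          # malformed header value
    return fp in api_certs.get(api, set())


# Constructed sample: placeholder bytes stand in for a certificate's DER encoding.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = f"{BEGIN}\n{base64.b64encode(SAMPLE_DER).decode()}\n{END}\n"
SAMPLE_HEADER = quote(SAMPLE_PEM, safe="")
# Constructed mapping: each API lists the fingerprints it accepts.
API_CERTS = {"/orders/v1": {hashlib.sha256(SAMPLE_DER).hexdigest()}}

if __name__ == "__main__":
    hdrs = {CERT_HEADER: SAMPLE_HEADER}
    print(authorize("10.0.0.5", hdrs, "/orders/v1", API_CERTS))     # via the LB
    print(authorize("203.0.113.9", hdrs, "/orders/v1", API_CERTS))  # direct caller
    print(authorize("10.0.0.5", hdrs, "/billing/v1", API_CERTS))    # other API
```

The load balancer should also overwrite any inbound copy of the header so that only the value it derived from the TLS handshake reaches the backend.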