Write a filter for your application server to add the certificate back in to its stack. By doing that the default get client certificate Servlet features can be used.
> -----Original Message----- > From: Nimish Telang [mailto:[email protected]] > Sent: Sunday, November 3, 2019 6:03 PM > To: [email protected] > Subject: Support for X-Forwarded-Client-Certificate > > Hi, > > I’m trying to run a CXF service behind an NGINX-ingress http proxy that has > to terminate mutual TLS. I’d like to have the client certificate forwarded to > the CXF server, since it’s needed to verify SAML and XML signature trust > (they just include the RSA public key). > > Is this natively supported in CXF, and if not, how should I make CXF aware of > the forwarded client certificate even though the CXF server is not listing on > TLS and is not terminating TLS? > > Nimish
