idp - x509 auth behind nginx

Ilya Rumyantsev iliggio at
Fri Nov 16 04:50:46 EST 2018

Hi all, I could not find any documentation on how to establish the x509 client login with a reverse proxy. 
I would like the nginx to handle the x509 client login. 

What headers would I need to pass to the shibboleth idp running
in a tomcat container? I just found a snippet from the very old apache config:

  <Location /idp/Authn/X509>
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLOptions -StdEnvVars +ExportCertData

The certificate needs to be evaluated by the shibboleth.

Thanks a lot

More information about the users mailing list