Cert-based authentication in OpenAM needs the HTTP header X-Client-Cert to be set. I want to use Apache as a reverse proxy and set this header when the URL is /openam/UI/Login?module=PKI.
/openam/UI/Login is for username and password authentication.
I have this configuration:
...
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
RequestHeader set X-Client-Cert ""
<Location "/openam/UI/Login/PKI">
    RequestHeader set X-Client-Cert "%{SSL_CLIENT_CERT}s"
    SSLVerifyDepth 10
    SSLVerifyClient require
</Location>
RewriteRule /openam/UI/Login/PKI balancer://mycluster/openam/UI/Login?module=PKI [P]
...
and it does the trick, but the cost is a rewrite of /openam/UI/Login?module=PKI to /openam/UI/Login/PKI, and I don't like it.
Can you advise me how to do it without this rewrite?
Thanks.
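With Apache 2.4 I can do it with:
# PKI login: require a client certificate and forward it to OpenAM
<If "%{QUERY_STRING} =~ /module=PKI/">
    RequestHeader set X-Client-Cert "%{SSL_CLIENT_CERT}s"
    SSLVerifyDepth 10
    SSLVerifyClient require
</If>
# Everything else: overwrite the header so a client-supplied value is never forwarded
<Else>
    RequestHeader set X-Client-Cert ""
</Else>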
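
An added check, not part of the original posts: it models the regex from the <If> condition above against constructed query strings and compares the result with the module a backend would select after URL-decoding the parameters. The anchored pattern, the sample strings and the backend's decoding behaviour are assumptions.

```python
import re
from urllib.parse import parse_qs

ANSWER_PATTERN = re.compile(r"module=PKI")              # regex from the answer's <If>
ANCHORED_PATTERN = re.compile(r"(^|&)module=PKI(&|$)")  # hypothetical stricter variant

# Constructed sample query strings (not taken from the page).
SAMPLES = [
    "module=PKI",
    "goto=%2Fconsole&module=PKI",
    "xmodule=PKI",
    "module=PKIX",
    "module=%50KI",
    "",
]

def proxy_sets_cert(query_string, pattern=ANSWER_PATTERN):
    """True when the <If> branch runs (client cert required, header filled from
    SSL_CLIENT_CERT); False when the <Else> branch forwards an empty header."""
    return pattern.search(query_string) is not None

def backend_wants_pki(query_string):
    """Assumption: the backend URL-decodes parameters and picks PKI when module == 'PKI'."""
    return "PKI" in parse_qs(query_string).get("module", [])

def classify(query_string, pattern=ANSWER_PATTERN):
    proxy = proxy_sets_cert(query_string, pattern)
    backend = backend_wants_pki(query_string)
    if proxy and backend:
        return "cert-forwarded"
    if proxy:
        return "cert-demanded-unneeded"  # client-cert prompt on a non-PKI request
    if backend:
        return "pki-without-cert"        # header forwarded empty, PKI login has no cert
    return "password-login"

def report(pattern=ANSWER_PATTERN):
    return {qs: classify(qs, pattern) for qs in SAMPLES}

if __name__ == "__main__":
    for name, pat in (("answer", ANSWER_PATTERN), ("anchored", ANCHORED_PATTERN)):
        print(name)
        for qs, verdict in report(pat).items():
            print(f"  {qs!r:32} {verdict}")
```

The "pki-without-cert" rows only stay harmless because the <Else> branch overwrites X-Client-Cert on every non-matching request; without it, a header sent by the client would reach OpenAM unchanged.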