Certificate Collector node

Collects an X.509 digital certificate from the request to use the certificate as authentication credentials.

To validate the certificate, use a Certificate Validation node.

Outcomes

Collected
Not Collected

Evaluation continues through the Collected path if certificate collection is successful; otherwise, evaluation continues on the Not Collected path.

Properties

Property Usage

Property	Usage
Certificate Collection Method	Specifies how to collect the certificate from the request. Possible values are: `Request` Look for the certificate in the request. Use this value if TLS termination happens at the container where AM runs. `Header` Looks for the certificate in the HTTP header name specified in the HTTP Header Name for the Client Certificate property. Use this value if TLS termination happens in a proxy or load balancer outside the container where AM runs. `Either` Looks for the certificate in the request; if AM cannot find it in the request, AM looks for the certificate in the HTTP header specified in the HTTP Header Name for the Client Certificate property. Default: `Either`
HTTP Header Name for the Client Certificate	Specifies the name of the HTTP header containing the certificate when the Certificate Collection Method property is configured to `Header` or `Either`. Default: No value specified.
Trusted Remote Hosts	Specifies a list of IP addresses trusted to supply certificates on behalf of the authenticating client, such as load balancers doing TLS termination. If no value is specified, AM rejects certificates supplied by remote hosts. If you specify the `any` value, AM trusts certificates on behalf of the authenticating client supplied by any remote host. Default: No value specified.

Certificate Collection Method

Specifies how to collect the certificate from the request. Possible values are:

Request: Look for the certificate in the request. Use this value if TLS termination happens at the container where AM runs.
Header: Looks for the certificate in the HTTP header name specified in the HTTP Header Name for the Client Certificate property. Use this value if TLS termination happens in a proxy or load balancer outside the container where AM runs.
Either: Looks for the certificate in the request; if AM cannot find it in the request, AM looks for the certificate in the HTTP header specified in the HTTP Header Name for the Client Certificate property.

Default: Either

HTTP Header Name for the Client Certificate

Specifies the name of the HTTP header containing the certificate when the Certificate Collection Method property is configured to Header or Either.

Default: No value specified.

Trusted Remote Hosts

Specifies a list of IP addresses trusted to supply certificates on behalf of the authenticating client, such as load balancers doing TLS termination.

If no value is specified, AM rejects certificates supplied by remote hosts. If you specify the any value, AM trusts certificates on behalf of the authenticating client supplied by any remote host.

Default: No value specified.

AM 7.3.1

Certificate Collector node

Outcomes

Properties