AM 7.4.1

Certificate Collector node

Collects an X.509 digital certificate from the request to use the certificate as authentication credentials.

To validate the certificate, use a Certificate Validation node.

Compatibility

Product Compatible?

ForgeRock Identity Cloud

ForgeRock Access Management (self-managed)

ForgeRock Identity Platform (self-managed)

Outcomes

  • Collected

  • Not Collected

Evaluation continues through the Collected path if certificate collection is successful; otherwise, evaluation continues on the Not Collected path.

Properties

Property Usage

Certificate Collection Method

Specifies how to collect the certificate from the request. Possible values are:

Request

Looks for the certificate in the request. Use this value if TLS termination happens at the container where AM runs.

Header

Looks for the certificate in the HTTP header name specified in the HTTP Header Name for the Client Certificate property. Use this value if TLS termination happens in a proxy or load balancer outside the container where AM runs.

Either

Looks for the certificate in the request; if AM cannot find it in the request, AM looks for the certificate in the HTTP header specified in the HTTP Header Name for the Client Certificate property.

Default: Either

HTTP Header Name for the Client Certificate

Specifies the name of the HTTP header containing the certificate when the Certificate Collection Method property is configured to Header or Either.

Default: No value specified.

Trusted Remote Hosts

Specifies a list of IP addresses trusted to supply certificates on behalf of the authenticating client, such as load balancers doing TLS termination.

If no value is specified, AM rejects certificates supplied by remote hosts. If you specify the value any, AM trusts certificates supplied on behalf of the authenticating client by any remote host.

Default: No value specified.
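
The following added example is not ForgeRock code. It models how the three properties above combine into the Collected or Not Collected outcome, and flags property combinations worth reviewing. It assumes that Trusted Remote Hosts is matched against the address of the host that sent the request to AM; the function names, the header name X-Client-Cert and the IP addresses are constructed for illustration.

```python
# Model of the collection decision described on this page; not AM source code.
# All names are hypothetical. Header name and IP addresses are constructed samples.

def host_trusted(remote_ip, trusted_hosts):
    """Trusted Remote Hosts: an empty list rejects all, 'any' trusts all."""
    if not trusted_hosts:
        return False
    return "any" in trusted_hosts or remote_ip in trusted_hosts


def collect(method, tls_cert, headers, header_name, remote_ip, trusted_hosts):
    """Return (outcome, source) for one request."""
    def from_header():
        # A header certificate needs a configured name and a trusted sender.
        if not header_name or not host_trusted(remote_ip, trusted_hosts):
            return None
        return headers.get(header_name)

    if method in ("Request", "Either") and tls_cert:
        return ("Collected", "request")
    if method in ("Header", "Either") and from_header():
        return ("Collected", "header")
    return ("Not Collected", None)


def audit(method, header_name, trusted_hosts):
    """Flag property combinations to review before deployment."""
    findings = []
    if method in ("Header", "Either"):
        if not header_name:
            findings.append("header collection enabled but no header name set")
        if not trusted_hosts:
            findings.append("no trusted hosts: header certificates are rejected")
        elif "any" in trusted_hosts:
            findings.append("'any' accepts a certificate header from every host")
    return findings


if __name__ == "__main__":
    hdr = {"X-Client-Cert": "<PEM placeholder>"}
    lb = ["192.0.2.10"]  # constructed load balancer address
    print(collect("Either", None, hdr, "X-Client-Cert", "192.0.2.10", lb))
    print(collect("Either", None, hdr, "X-Client-Cert", "198.51.100.7", lb))
    print(audit("Either", "X-Client-Cert", ["any"]))
```
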

Copyright © 2010-2024 ForgeRock, all rights reserved.