Hi Piraveena,

Thanks for the detailed response. However, I am referring to APIM synapse endpoints and API authentication handlers. Having the x509 authenticator is great; I will probably extract the x509 authenticator code for a custom API authentication handler.

Thanks,
Gayan

On Thu, Sep 26, 2019 at 7:52 AM Piraveena Paralogarajah <pirave...@wso2.com> wrote:

> Hi Gayan,
>
> During SSL termination, the load balancer will drop the client's
> certificate. From the load balancer, you can send the client's
> certificate as an HTTP header. The x509 authenticator in IS already supports SSL
> termination. You can check the blog [1] and the doc [2] for the configs.
>
> [1] https://medium.com/@piraveenaparalogarajah/configuring-x509-authenticator-in-wso2-identity-server-using-ssl-termination-with-nginx-1c21c6e5f27a
> [2] https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509+Authenticator+with+SSL+Termination
>
> Thanks,
> Piraveena
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* pirave...@wso2.com
>
> On Wed, Sep 25, 2019 at 11:47 AM gayan gunawardana <gmgunaward...@gmail.com> wrote:
>
>> On Wed, Sep 25, 2019 at 6:49 AM Asela Pathberiya <as...@wso2.com> wrote:
>>
>>> On Wed, Sep 25, 2019 at 10:47 AM gayan gunawardana <gmgunaward...@gmail.com> wrote:
>>>
>>>> Hi APIM team,
>>>>
>>>> Is there any recommended deployment pattern to implement [1] if SSL
>>>> termination happens at the load balancer?
>>>
>>> One option is sending the client certificate's data using an HTTP
>>> header. Also it can be done at the SSL termination point as it has access
>>> to the client certificate.
>>>
>>> I assume that we have implemented such a sample handler for the GW.
>>
>> Thanks a lot for the quick reply.
>> I suppose sending the client certificate's data using an HTTP header is much
>> more convenient.
>> Having it at the SSL termination point is also a good option, but the problem
>> is, when we have multiple APIs with multiple certificates, how to maintain the
>> API to certificate mapping at the SSL termination point.
>>
>>> Thanks,
>>> Asela.
>>>
>>>> [1] https://docs.wso2.com/display/AM260/Securing+APIs+with+Mutual+SSL
>>>>
>>>> --
>>>> Gayan
>>>
>>> --
>>> Thanks & Regards,
>>> Asela
>>>
>>> Mobile : +94 777 625 933
>>>
>>> http://soasecurity.org/
>>> http://xacmlinfo.org/
>>
>> --
>> Gayan

--
Gayan
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
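
Added example (not part of the thread, and not WSO2 code): a sketch of the check a gateway-side handler needs when the load balancer forwards the client certificate in a header, including the API-to-certificate mapping raised above. The header name, load balancer address and API contexts are hypothetical, the header is assumed to carry URL-encoded PEM (the form nginx's `$ssl_client_escaped_cert` produces), and the sample "certificates" are constructed bytes that only exercise the PEM framing.

```python
import hashlib
import ssl
from urllib.parse import quote, unquote

# Hypothetical deployment values (assumptions, not from the thread).
TRUSTED_LB_ADDRS = {"10.0.0.5"}   # only the TLS terminator may assert a cert
CERT_HEADER = "X-Client-Cert"     # the LB must strip this from inbound requests

def fingerprint_from_header(value):
    """SHA-256 hex digest of the DER bytes carried as URL-encoded PEM."""
    pem = unquote(value).strip()
    der = ssl.PEM_cert_to_DER_cert(pem)  # ValueError on bad framing or base64
    return hashlib.sha256(der).hexdigest()

def authorize(peer_addr, headers, api_context, api_cert_map):
    """Allow the call only if the header came from the LB and the forwarded
    certificate is one of those registered for this API."""
    if peer_addr not in TRUSTED_LB_ADDRS:
        return False  # header from any other peer is attacker-controlled input
    value = headers.get(CERT_HEADER)
    if not value:
        return False
    try:
        fp = fingerprint_from_header(value)
    except ValueError:
        return False
    return fp in api_cert_map.get(api_context, set())

def demo():
    # Constructed stand-ins for two client certificates (not real X.509 data).
    der_a = b"constructed-bytes-standing-in-for-client-A-cert"
    der_b = b"constructed-bytes-standing-in-for-client-B-cert"
    hdr_a = quote(ssl.DER_cert_to_PEM_cert(der_a), safe="")
    api_map = {
        "/orders/v1": {hashlib.sha256(der_a).hexdigest()},
        "/billing/v1": {hashlib.sha256(der_b).hexdigest()},
    }
    req = {CERT_HEADER: hdr_a}
    return {
        "via_lb": authorize("10.0.0.5", req, "/orders/v1", api_map),
        "direct": authorize("203.0.113.9", req, "/orders/v1", api_map),
        "wrong_api": authorize("10.0.0.5", req, "/billing/v1", api_map),
    }

if __name__ == "__main__":
    print(demo())
```

Keeping the mapping in the gateway rather than at the termination point means the load balancer only has to verify the chain and forward the certificate; the forwarded header is trustworthy only because the load balancer overwrites any client-supplied copy and the gateway accepts it from that peer alone.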