If the AA is deployed behind a load balancer, SSL client authentication might not be handled by the webserver running the AA but on an external host. In order to inject client certificate data (which is required to authorize the SP), an alternative header, such as X-SSL-CLIENT-CERT could be used.
This should be a configuration item, defaulting the current SSL_CLIENT_CERT value.
If the AA is deployed behind a load balancer, SSL client authentication might not be handled by the webserver running the AA but on an external host. In order to inject client certificate data (which is required to authorize the SP), an alternative header, such as
X-SSL-CLIENT-CERTcould be used.This should be a configuration item, defaulting the current
SSL_CLIENT_CERTvalue.