In order to pass client certificate to the underlying backend (e.g. encoded in HTTP header or something) for further processing
as an API publisher
I need a way how to extract it (in gateway policy) from the HTTP request
Detailed Context
We want to use Gravitee.io AM for PSD2 context (open banking) and (national) standards require that every back-end (behind GW) must verify client certificate against some external service (e.g. custom 3rd-party app registry, national bank...etc.).
Assumptions
I assume that (API) Gateway supports mutual TLS communication (via client certificate) for incoming HTTP requests (NOT the backend request). If not, then this should contain also the implementation of that - otherwise, there is no client certificate to extract.
Possible Solution
Add to io.gravitee.gateway.api.Request some field that propagates client certificate from the underlying HTTP request (Vert.x very likely)
brasseld
commented
5 years ago
In order to pass client certificate to the underlying backend (e.g. encoded in HTTP header or something) for further processing as an API publisher I need a way how to extract it (in gateway policy) from the HTTP request
Detailed Context
We want to use Gravitee.io AM for PSD2 context (open banking) and (national) standards require that every back-end (behind GW) must verify client certificate against some external service (e.g. custom 3rd-party app registry, national bank...etc.).
Assumptions
I assume that (API) Gateway supports mutual TLS communication (via client certificate) for incoming HTTP requests (NOT the backend request). If not, then this should contain also the implementation of that - otherwise, there is no client certificate to extract.
Possible Solution
Add to
io.gravitee.gateway.api.Requestsome field that propagates client certificate from the underlying HTTP request (Vert.x very likely)