Is it possible at all to populate the value of request.ssl.clientcertificate without actually performing certificate authentication?
We've got a fairly large Policy Fragment that does a lot of work parsing, validating and doing some magic for client cert authentication. However, it uses the variable request.ssl.clientcertificate so I can't use the fragment without using client cert auth.
What I'm trying to do is build a little functional testing tool for us to use internally. I just want to be able to take a base64 certificate, decode it as X509 and feed it through that Policy Fragment to make sure I get the expected end-result. That logic is pretty straight forward BUT I'm hung up because of the request.ssl.clientcertificate not being settable :(.
Was hoping maybe someone knew a magic way in the API GW to get that context variable set with a given credential.
We could change the fragment but that'd be a pretty big regression test and change to some existing policies. So was hoping to avoid that.