We are exploring terminating SSL at the load balancer sitting in front of our gateway cluster. We do have some APIs protected by Mutual SSL Authentication. That is, the API consumer calls the gateway and the gateway will authenticate the certificate presented to it via the request. So the authentication is between the API Consumer and the gateway.
We can inject the API consumer's certificate into a header at the LTM and I believe we can authenticate using that header. The assertions I have set up are basically this:
Request: Retrieve Credentials from Context Variable ${request.http.header.headerName}
Request: Authenticate against Federated Identity Provider
When hitting the Authentication assertion, I'm getting the following error:
Type not supported for variable credentials for variable request.http.header.headerName: Unsupported credential type: String. Exception caught
I've captured the header, and the PEM public certificate is in there. I can guarantee I'm missing something, but I'm not sure what.