Client authentication data for SSL X509 certificates can be propagated into the local environment and used for authorization.
When you use the SOAPInput, HTTPInput, SCAInput, or TCPIPServerInput nodes, properties tree fields contain the information from the client certificate. Propagation is not enabled automatically, but when it is enabled, a certificate is processed throughout the message flow and propagated for output or request nodes. By populating the local environment, the certificate data becomes available to the rest of the message flow.
A higher level of authentication (such as Basic-Auth or WS-Security) can overwrite the properties tree. When that happens, the certificate data is missing from the properties tree, so you are unable to authorize the client at the input node. However, you can use a SecurityPEP node to locate authentication (or other certificate) fields in the local environment to do the authorization. You can locate client certificates by using the local variable LocalEnvironment.input_node_name.Input.TransportSecurity.ClientAuth.Certificate, where input_node_name is one of SOAP, HTTP, SCA, or TCPIP.
For example, in a SecurityPEP node:
$LocalEnvironment/SOAP/Input/TransportSecurity/ClientAuth/Certificate/Subject
For more information about the SecurityPEP node, see SecurityPEP node.
In a JavaCompute node:
String clientCertIssuer = localEnv.getFirstElementByPath("HTTP/Input/TransportSecurity/ClientAuth/Certificate/Issuer").getValueAsString();
For more information about the JavaCompute node, see JavaCompute node.
In a Compute node:
SET LocalEnvironment.TCPIP.Input.TransportSecurity.ClientAuth.Certificate.Subject = 'BROKERUSER';
For more information about the Compute node, see Compute node.
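The following JavaCompute node is an added example, not code from the product documentation. It reads the propagated Subject and Issuer from the local environment and fails closed when either field is absent (for instance, because propagation is not enabled) or does not match. The class name, the DN values, and the assumption that the DN strings compare exactly as written here are illustrative.

```java
import com.ibm.broker.javacompute.MbJavaComputeNode;
import com.ibm.broker.plugin.MbElement;
import com.ibm.broker.plugin.MbException;
import com.ibm.broker.plugin.MbMessageAssembly;
import com.ibm.broker.plugin.MbUserException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical node class: propagates to "out" only when the client
// certificate fields in the local environment match the expected values.
public class ClientCertAuthorize extends MbJavaComputeNode {
    private static final String CERT =
            "HTTP/Input/TransportSecurity/ClientAuth/Certificate/";
    // Constructed sample DNs; use the exact strings your flow sees at run time.
    private static final Set<String> ALLOWED_SUBJECTS = new HashSet<>(
            Arrays.asList("CN=orders-client,O=Example,C=US"));
    private static final String EXPECTED_ISSUER =
            "CN=Example Issuing CA,O=Example,C=US";

    @Override
    public void evaluate(MbMessageAssembly assembly) throws MbException {
        MbElement localEnv = assembly.getLocalEnvironment().getRootElement();
        String subject = read(localEnv, "Subject");
        String issuer = read(localEnv, "Issuer");
        // Compare whole DNs. A substring test on the Subject would also
        // accept a different DN that merely contains the expected text.
        boolean authorized = subject != null
                && EXPECTED_ISSUER.equals(issuer)
                && ALLOWED_SUBJECTS.contains(subject);
        if (!authorized) {
            // Throwing stops the flow here instead of passing the message on.
            throw new MbUserException(this, "evaluate()", "", "",
                    "Client certificate not authorized: subject=" + subject, null);
        }
        getOutputTerminal("out").propagate(assembly);
    }

    // Returns null when the field is not present in the local environment,
    // so a missing certificate is treated as "not authorized" rather than
    // causing a NullPointerException.
    private static String read(MbElement localEnv, String field)
            throws MbException {
        MbElement element = localEnv.getFirstElementByPath(CERT + field);
        return element == null ? null : element.getValueAsString();
    }
}
```

Checking the Issuer together with the Subject ties the decision to one certificate authority, so a certificate with the same Subject from another trusted CA is not accepted.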