The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the X-Forwarded-Client-Cert to the javax.servlet.request.X509Certificate Servlet attribute.
| Detection Criterion | Unconditional |
| Tags | client-certificate-mapper=<version> |
For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to Configuration and Extension.
The framework can be configured by modifying the config/client_certificate_mapper.yml file in the buildpack fork. The framework uses the Repository utility support and so it supports the version syntax defined there.
| Name | Description |
|---|---|
repository_root |
The URL of the Container Customizer repository index (details). |
version |
The version of Container Customizer to use. Candidate versions can be found in this listing. |
The Servlet Filter added by this framework maps the X-Forwarded-Client-Cert to the javax.servlet.request.X509Certificate Servlet attribute for each request. The X-Forwarded-Client-Cert header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication. This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.