Proxy client authentication
To selectively perform client certification authentication on behalf of PingFederate, configure a front-end proxy or load balancer.
By configuring proxy client authentication, TLS is terminated at the proxy and the headers are passed back to PingFederate for validation by the X.509 Certificate IdP Adapter. This approach also allows you to have all traffic arrive on TCP port 443.
Learn more about configuring proxy client authentication for your product:
-
Configure incoming proxy settings in the PingFederate documentation
-
Creating header identity mappings and Defining engine listeners in the PingAccess documentation