Login with proxy authentication#

Proxy authentication (authentication by proxy server) is performed with the data sent in HTTP headers.


When proxy authentication is enabled, Blitz Identity Provider only identifies the user, while authentication (as a result of certificate verification) is performed by the proxy server. Enabling this authentication method is acceptable when all users access Blitz Identity Provider through the proxy server.

For this method to work correctly you need to specify:

  • required HTTP headers - list of HTTP headers that must be present to pass user proxy authentication,

  • HTTP header with user certificate (optional parameter) - header containing x.509 user certificate,

  • matching of HTTP header values and user identity data in the attribute store.

It is possible to configure mapping of attributes of the certificate passed in the HTTP header and user data to the storage.

An example of proxy authentication login settings is shown below: