Scenario : I need to use client-certificate authentication to access API gateway which is placed behind Load balancer. Currently load balancer is configured to save the received client certificate in a custom header and forwards the client request to API gateway with certificate in its header. On API gateway I can extract client certificate from header and save as string context variable named clientCertificate. I have tried to use assertion Validate Certificate but i always received error "No certificate found for variable : clientCertificate".
For testing with POSTMAN I created self-signed certificate with openssl and saved it in Trusted Certificates on API gateway and marked as "Certificate is a Trust Anchor". I also created in Internal Identity Provider a user with the same name as CN in client-certificate and added client certificate. Client-certificate was inserted into header with load balancer without problems, I have tried to decode extracted certificate from header in online certificate decoder and decoding showed no error. Any idea how can I validate client certificate delivered to API gateway in a request custom header?