-
Notifications
You must be signed in to change notification settings - Fork 560
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API Gateway MTLS "clientCert" Availability? #469
Comments
Hi @coreyowensbillgo, |
@deki I'll dig further in and confirm if API Gateway is even expanding the event payload with the the |
Hi @coreyowensbillgo, have you made progress in the meantime? I plan to get a 1.9 release next month and would like to include a fix. |
@deki Apologies for the late response, I've been away on vacation. My work around this had been put on the back-burner, but I'm happy to see you've made some progress! |
Yeah I just added the missing properties but haven't made further progress (unittests, testing, docs, ...). |
Serverless Java Container version:
eg. 1.5
1.6
Implementations:
Jersey / Spring / Spring Boot / Spring Boot 2 / Spark
Spring Boot
Framework version:
eg SpringBoot 2.2.6.RELEASE
2.6.6
Frontend service:
REST API / HTTP API / ALB
REST API
Scenario
I am utilizing MTLS authentication for my API Gateway: https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
In the documentation, it mentions that the
clientCert
is populated in the API GW's event payload when it is passed along to Lambda authorizers via therequestContext
.I want to base my authorization on the clientCert's subjectDN's CN within my java code, but I am not sure if it's possible or how I can access the
clientCert
from within my Java lambda utilizing aws-serverless-java-container. (I realize the lambda isn't alambda authorizer
, but I was hoping it may still be accessible) Any suggestions?Expected behavior
I would expect that
clientCert
is available withinAwsProxyRequest
'sAwsProxyRequestContext
EX:
Actual behavior
I don't see anything in
AwsProxyRequest
orAwsProxyRequestContext
related to certs or authentication.Steps to reproduce
Set up a REST API Gateway pointing to your
aws-serverless-java-container
lambda. Add custom domain. Create certs. Enable MTLS. Make call to the REST API Gateway and attempt to findclientCert
object from API GW event payload.Full log output
N/A
The text was updated successfully, but these errors were encountered: