X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=48220a86876b7db2b3092ad9395757cc648514c5;hb=715f6820660b91d532e3bd75a53786267066e1a7;hp=7b7207ef3e32536b84b8c67f099617ca14d42fe1;hpb=4ccae1bf1714f7adbb69a4505f424e70f2c39698;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index 7b7207ef3..48220a868 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -201,6 +201,14 @@ public class HttpSessionLoginModule implements LoginModule {
 		if (null != certs && certs.length > 0) {
 			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certs[0].getSubjectX500Principal().getName());
 			sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, certs);
+		} else {
+			// When client has been verified by reverse proxy
+			String certDn = req.getHeader("SSL_CLIENT_S_DN");
+			if (certDn != null) {
+				sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certDn);
+				String issuerDn = req.getHeader("SSL_CLIENT_I_DN");
+				sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, issuerDn);
+			}
 		}
 	}