I'm attempting to get an SSL-based JBoss/F5 BigIP configuration running and am having some issues.
There is encryption between the client browser and the F5 and another (different) encrypted communication between the F5 and the nodes. The main problem seems to be this: the JBoss application wants user certs from the client, which it then should pass to another authentication server elsewhere on the network. On the client side, the load balancer is configured (with an iRule) to take that client-provided user cert, insert it into the HTTP header, and re-encrypt the traffic back to the JBoss node. What we want to happen is that the JBoss node would then decrypt the packet, inspect the HTTP header for the user cert, then send THAT cert to the authentication server. What appears to be happening is that the JBoss server takes the server cert provided by the BigIP for the initial SSL connection and sends that one to the authentication server.
I think that the JBoss instance has to be configured to work with a proxy (or a reverse proxy, in this case, the BigIP), but I don't know how to do this. I'm the BigIP admin in this case, not a JBoss person, so please excuse my ignorance. I'd really appreciate any insight.
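
One way the JBoss side of the setup described above could be handled, as an added example that is not part of the original post: a servlet filter that reads the certificate from the header and publishes it under the standard servlet client-certificate attribute, accepting the header only when the connection comes from the BigIP. Assumptions: the header name `X-Client-Cert`, the `bigipSelfIp` init-param, a header value of PEM or bare base64 DER, the `javax.servlet` API on Java 8 or later, and an application that reads the client cert from that request attribute.

```java
// Added example. X-Client-Cert and the bigipSelfIp init-param are assumed names.
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ForwardedClientCertFilter implements Filter {
    static final String HEADER = "X-Client-Cert"; // assumed header set by the iRule
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; // standard attribute
    private String bigipSelfIp; // the only peer allowed to supply the header

    public void init(FilterConfig cfg) throws ServletException {
        bigipSelfIp = cfg.getInitParameter("bigipSelfIp");
        if (bigipSelfIp == null) throw new ServletException("bigipSelfIp init-param is required");
    }

    // Accepts PEM (with or without BEGIN/END lines) or bare base64-encoded DER.
    static X509Certificate parse(String headerValue) throws CertificateException {
        String b64 = headerValue.replaceAll("-----(BEGIN|END) CERTIFICATE-----|\\s", "");
        try {
            byte[] der = Base64.getDecoder().decode(b64);
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (IllegalArgumentException e) {
            throw new CertificateException("header is not valid base64", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse out = (HttpServletResponse) res;
        String value = ((HttpServletRequest) req).getHeader(HEADER);
        if (value != null) {
            // A cert header from any peer other than the BigIP is untrusted input.
            if (!bigipSelfIp.equals(req.getRemoteAddr())) { out.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
            try {
                // Replace the connection's cert (the BigIP's) with the user's cert.
                req.setAttribute(CERT_ATTR, new X509Certificate[] { parse(value) });
            } catch (CertificateException e) { out.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The iRule should remove any copy of this header sent by the browser before inserting its own, since the node trusts whatever value arrives from the BigIP.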