<p>Specifies whether the <tt>HttpClusterServlet</tt> proxies the
client certificate in a special header.</p>
<p>By default (or if you specify <code>false</code>), the
<code>weblogic.xml</code> deployment descriptor for each web
application that is deployed on this server determines whether the
web application trusts certificates sent from the proxy server
plugin. By default (or if the deployment descriptor specifies
<code>false</code>), users cannot log in to the web application
from a proxy server plugin.</p>
<p>A value of <code>true</code> causes proxy-server plugins to pass
identity certifications from clients to all web applications that
are deployed on this server instance. A proxy-server plugin encodes
each identify certification in the
<code>WL-Proxy-Client-Cert</code> header and passes the header to
WebLogic Server instances. A WebLogic Server instance takes the
certificate information from the header, trusting that it came from
a secure source, and uses that information to authenticate the
user.</p>
<p>If you specify <code>true</code>, use a
<code>weblogic.security.net.ConnectionFilter</code> to ensure that
this WebLogic Server instance accepts connections only from the
machine on which the proxy-server plugin is running. Specifying
<code>true</code> without using a connection filter creates a
security vulnerability because the
<code>WL-Proxy-Client-Cert</code> header can be spoofed.</p>
<p>A cluster can also specify whether the
<tt>HttpClusterServlet</tt> proxies the client certificate in a
special header. The cluster-level setting overrides the setting in
individual servers that are part of the cluster.</p>
(Interface=weblogic.management.configuration.ServerMBean Attribute=isClientCertProxyEnabled)