Smart proxy auth concern doesn't handle reverse proxy setup when the cert is (null)
The Foreman::Controller::SmartProxyAuth attempts to use smart proxy certificate authentication by looking for client certificates. It does so by looking at the ssl_client_cert_env setting. In a reverse proxy setup (Apache from EL7) with a standalone Foreman process (using Puma) I set the following in /etc/foreman/settings.yaml:
# Configure reverse proxy headers :ssl_client_dn_env: HTTP_SSL_CLIENT_S_DN :ssl_client_verify_env: HTTP_SSL_CLIENT_VERIFY :ssl_client_cert_env: HTTP_SSL_CLIENT_CERT
When you navigate to a page with a browser that doesn't present any certificates but is authenticated, the result is that
(none). The code then attempts to parse this as a certificate which obviously fails.