OpenAM Client Certificate with http header

Hi guys,

Im trying to authenticate a user via client certificate. I’m using OTB client certificate module on openAM 13 with http header to get the certificate.
I can see the certificate coming in the Authentication log but if it’s encoded (validate certParam: -----BEGIN%20CERTIFICATE-----%0AMIIGXzCCBEegAwIBAgIUUmlJIMST3%2F…), authentication fails with the error:

ERROR: CertificateFromParameter(X509Cert): exception Could not parse certificate: Empty input

If certificate coming decoded (validate certParam: MIIGXzCCBEegAwIBAgIUUmlJIMST3/0H0x5GkL7LyLbTVO4wDQYJKoZIh…), the user is authenticated and everythings works fine.

I missing some configuration or parameters in openAM or Tomcat to handle this behaviour?

Thanks in advance