Thank you for your response Patrick.
The client certificate identifies the proxy server, not the user. The client certificate is being used to make sure traffic is coming from the proxy server (lockdown). After this verification, the logon will be based on a header parameter coming from the proxy server. The client certificate is the same in all instances because it is loaded on the proxy server and identifies the proxy server. The user has their userid passed from the proxy server in the form of a header parameter based on input from the user. The logon is based on the userid, not the client certificate.
Mark
