RT PKI Authentication

I am working on deploying RT on a platform that sits behind a nginx proxy where users authenticate to nginx via PKI certificate. The only external authentication I’ve found is via LDAP, MySQL, or Cookie/SSO. Does anyone know what the best way would be to integrate RT’s authentication/authorization to the users PKI certificate? I’m thinking maybe integrating it with LDAP on the platform but then I would need to tie the PKI cert to LDAP and then do the authentication.

Any help would be greatly appreciated.