X.509 User Certificate Provider

Use an X.509 User Certificate when the client has authenticated using HTTPS and X.509 certificates for mutual authentication.

The client has already authenticated at the HTTPS protocol layer before this provider is called. The provider then checks that the client's certificate is:
  • Signed by a trusted certificate authority
  • Not expired
  • Not revoked via certificate revocation lists or Online Certificate Status Protocol (OCSP)
If a certificate validates, authentication succeeds. To succeed, the client request must have been received at SAP Mobile Platform via HTTPS and a mutual authentication listener. This provider can create a Subject Principal; the principal name is the fully qualified SubjectDN in the user's certificate. The subject principal name can be used with the UserRoleAuthorizer to grant roles to this user.