Use an X.509 User Certificate
when the client has authenticated using HTTPS and X.509 certificates for mutual
A client has already authenticated at the HTTPS protocol layer before this provider is called.
This provider validates that the client's certificate is valid:
- Signed by a trusted certificate authority
- Not expired
- Not revoked via certificate revocation lists or Online Certificate Status
If a certificate validates, authentication succeeds. To succeed, the client request
must have been received at SAP Mobile Platform via HTTPS and a mutual
authentication listener. This provider can create a Subject Principal; the principal
name is the fully qualified SubjectDN in the user's certificate. The subject principal
name can be used with the UserRoleAuthorizer to grant roles to this user.