Set up your HTTP client to use two-way mutual certificate
authentication.
- The remote client establishes two-way HTTPS connection with
SAP Mobile Platform by providing itself a client certificate.
If the client certificate is not trusted by SAP Mobile Platform
(the CA certificate is in the SAP Mobile Platform trust store),
the connection cannot be established.
- After the connection is established, the remote client sends a request to
SAP Mobile Platform.
- SAP Mobile Platform determines the security configuration for the
request.
- SAP Mobile Platform retrieves the client certificate used by
establishing the connection, and passes it to the security configuration to
perform authentication. The CertificateValidationLoginModule
defined in the security configuration authenticates the client certificate.
- If authentication succeeds, SAP Mobile Platform dispatches the
client request to the corresponding service handler. Otherwise, a 403 error is
returned to the remote client.
- For the proxy service, the server forwards the client request to the
backend/gateway server by establishing the HTTPS connection with the client
certificate.