X.509 User Certificate Provider

Use X.509 User Certificate when the client has authenticated using HTTPS and X.509 certificates for mutual authentication.

The client has already authenticated at the HTTPS protocol layer before this provider is called. This module then validates that the user's certificate is valid:

signed by a trusted certificate authority
not expired,
not revoked via certificate revocation lists or OCSP

If the certificate validates, then authentication is successful. The client request must have been received at SAP Mobile Platform via HTTPS with the mutual authentication listener in order to succeed. This provider may create a Subject Principal where the principal name is the fully qualified SubjectDN in the user's certificate. That subject principal name may then be used in conjunction with the UserRoleAuthorizer to grant roles to this user.

X.509 User Certificate Configuration Properties
The X.509 User Certificate provider enables mutual authentication. This provider should be used when certificates are authenticated by the container.

Parent topic: Authentication Providers for User Authentication and Authorization

Related tasks

Enabling OCSP

Mapping a Logical Role to a Physical Role

Related reference

X.509 User Certificate Configuration Properties