Java Reference
In-Depth Information
FIGURE 19-2. User Name/Password-Based Mutual Authentication
When using certificate-based mutual authentication, the following actions occur.
1.
A client requests access to a protected resource.
2.
The web server presents its certificate to the client.
3.
The client verifies the server's certificate.
4.
If successful, the client sends its certificate to the server.
5.
The server verifies the client's credentials.
6.
If successful, the server grants access to the protected resource requested by the
client.
Figure 19-1
shows what occurs during certificate-based mutual authentication.
In user name/password-based mutual authentication, the following actions occur.
1.
A client requests access to a protected resource.
2.
The web server presents its certificate to the client.
3.
The client verifies the server's certificate.
4.
If successful, the client sends its user name and password to the server.
5.
The server verifies the client's credentials.
