In general, when a user tries to access a protected resource, the authentication procedure at Access Gateway redirects the user to Identity Server. But for special user clients/applications that do not support redirection, one way to achieve authentication is to use a contract that supports Non-Redirected Login. More details are available here:
https://www.netiq.com/documentation/access-manager-45/admin/data/prlist.html#contractextensions
https://www.netiq.com/documentation/access-manager-45/admin/data/bojrjyw.html
When non-redirected login is enabled, Access Gateway prompts the user to supply basic authentication credentials, so a contract that supports basic authentication credentials, such as Name/Password-Basic or Secure Name/Password-Basic, can be used to protect resources without redirection. Even though basic authentication over HTTPS is good, sometimes it is not acceptable, and in many cases the customer is not very keen on using it.
This cool solution describes an alternate method to achieve Non-Redirected Login: X.509 client authentication.
To enable X.509 client certificate verification by Access Gateway (AG) with no involvement of Identity Server, go through the following section.
The following steps achieve SSL (X.509) client authentication at AG.
1. Copy the CA certificate (signer) of the user certificate to a location on the AG box. Assuming the location is /opt/novell/apache2/otherca, the ls -l output should look like:

   drwxr-xr-x 2 root root 4096 Oct 11 16:16 otherca

2. Add the following directives to the AG's Apache SSL configuration (Apache does not accept a comment after a directive on the same line, so the explanations are on their own lines):

   # full path and name of the CA certificate
   SSLCACertificateFile /opt/novell/apache2/otherca/configca.pem
   SSLVerifyClient require
   # maximum depth of CA certificates in the client certificate chain
   SSLVerifyDepth 10

   If you want to use only the location/path where the certificate is copied, use this directive instead of SSLCACertificateFile:

   SSLCACertificatePath /opt/novell/apache2/otherca
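The following script is an added example and is not part of the original article or of the Access Manager product; it lets you check, before touching the gateway, that a given client certificate would pass the trust settings above. It builds a throw-away "configca" CA and a client certificate "alice" signed by it, plus an unrelated "rogueca" CA and a certificate "mallory" signed by that one (all constructed, in a temporary directory), then runs the same verification the gateway's mod_ssl performs, once against a CA file (SSLCACertificateFile) and once against a hashed CA directory (SSLCACertificatePath), with a chain depth of 10 to match SSLVerifyDepth 10. The directory name otherca, the CA file name configca.pem and the user names are assumptions taken over from the steps above; the script needs the openssl command line tool (1.1.1 or newer).

```shell
#!/bin/sh
# Added example: not code from the original article or from Access Manager.
# Checks a client certificate against the two trust configurations shown
# above using the OpenSSL CLI, the same library Apache mod_ssl relies on.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a constructed test PKI: two CAs and one client certificate per CA.
# Only "configca" is installed on the gateway; "rogueca" must be rejected.
make_test_pki() {
  dir=$1
  # Minimal req config so the CA certificate gets CA:TRUE regardless of the
  # system openssl.cnf (a CA without basicConstraints fails verification).
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  for ca in configca rogueca; do
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
      -keyout "$dir/$ca.key" -out "$dir/$ca.pem" \
      -subj "/CN=$ca (constructed test CA)" >/dev/null 2>&1
  done
  for pair in alice:configca mallory:rogueca; do
    user=${pair%%:*}; issuer=${pair##*:}
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/$user.key" \
      -out "$dir/$user.csr" -subj "/CN=$user" >/dev/null 2>&1
    openssl x509 -req -in "$dir/$user.csr" -CA "$dir/$issuer.pem" \
      -CAkey "$dir/$issuer.key" -CAcreateserial -days 1 \
      -out "$dir/$user.pem" >/dev/null 2>&1
  done
}

# SSLCACertificatePath only finds CA files named <subject-hash>.<n>, which is
# what c_rehash / "openssl rehash" produce. Done by hand here to show the naming.
populate_capath() {
  cafile=$1; capath=$2
  mkdir -p "$capath"
  hash=$(openssl x509 -hash -noout -in "$cafile")
  cp "$cafile" "$capath/$hash.0"
}

# Mirror "SSLVerifyClient require" with "SSLVerifyDepth 10": the certificate
# must chain to a CA in the given file or directory within 10 CA certificates.
# Returns 0 when the gateway would accept the certificate, non-zero otherwise.
verify_client_cert() {
  trust=$1; cert=$2
  if [ -d "$trust" ]; then opt=-CApath; else opt=-CAfile; fi
  openssl verify "$opt" "$trust" -verify_depth 10 "$cert" >/dev/null 2>&1
}

# Stand-alone run: build the PKI, fill the hashed directory, report results.
make_test_pki "$WORK"
populate_capath "$WORK/configca.pem" "$WORK/otherca"
for case in "configca.pem alice.pem" "otherca alice.pem" "configca.pem mallory.pem"; do
  set -- $case
  if verify_client_cert "$WORK/$1" "$WORK/$2"; then r=accepted; else r=rejected; fi
  echo "$2 checked against $1: $r"
done
```

Running it prints that alice.pem is accepted against both configca.pem and the otherca directory, while mallory.pem is rejected: the gateway trusts exactly the signer you installed, nothing else. The populate_capath step is the part people forget when switching to SSLCACertificatePath; dropping configca.pem into the directory under its own name is not enough, the file has to carry the hash name (or be linked under it) for mod_ssl to find it.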