Ujwol Shrestha

Tech Tip : CA Single Sign-On :CA Access Gateway:Auth/AZ Web Service with Certificate Authentication

Blog Post created by Ujwol Shrestha Employee on Nov 24, 2016


In this guide, we will see how to invoke REST Auth/AZ web service and pass the required client certificate when it is protected with X.509 certificate authentication scheme.


  • Web Agent/Policy Server: 12.52 and above
  • OS : ANY

Pre-requisites :

  • The root resource (/authazws/) for Auth/AZ web service is protected with X.509 Authentication scheme.
  • The web server (Apache) component of Apache is configured for SSL connectivity.
  • Client (user) certificate for the Authorised users are created.



TEST 1: REST Client (e.g SOAPUI)

This needs configuring SOAPUI with the X.509 certificate authentication.

This has been detailed quite well here : How to configure SoapUI with client certificate authentication 



TEST 2: REST Client ( e.g Java)

1. Add the CA cert which signed the SPS Apache server certificate to the java key store as trusted CA:

e.g. keytool -importcert -trustcacerts -alias ad2k8-01 -file RootCA-ad2k8-01.cer -keystore cacerts -storepass changeit -v


2. Modify the following properties in UserAuthenticationServiceImpl.java as per your environment

3. Modify the JDK home in the java-build.bat and java-run.bat (windows)

4. Compile the Test class by running java-build.bat (windows)

5. Execute the class by running java-run.bat (windows)

  Sample output :


Additional Information