Client certificate for authentication on published web service
For our apps we want to restrict the web service access towards the apps. We want to be sure who is calling the service by client certificate. This must not influence the GUI access of the app of the app users. So we want to apply the client certificate validation on the web service endpoint(s) only. We want to add this to the transport layer as two-way SSL/TLS. Is this possible and how? Or is WS-Security the way to go?
I asked this same question a while back, as I understand this is not possible currently when deployed in the cloud. The only option you have is to require a certificate on the complete application, that means all users need the certificate as well. I did hear that this feature is on the roadmap. I'm also very interested in when this feature will become available.