Client authentication and basic authentication security scheme

With client authentication and basic authentication, the server that hosts the web service and the client (SOAP Gateway) each require the other to be authenticated, so that trust is established before a connection is made.

The client, SOAP Gateway, initiates an HTTPS call, the server sends back a certificate, and then the client sends the server a certificate.

Because client authentication is used with basic authentication, in addition to the HTTPS call and the certificates that the server and the client send to each other, basic authentication credentials are also sent to the server with the request in order to execute a web service.

The following diagram shows the process flow when client authentication is used with the basic authentication security scheme:
Figure 1. Client authentication and basic authentication for the IMS applications as web service consumers scenario
  1. The client initiates an HTTPS call.
  2. The server sends back a certificate.
  3. The client verifies the certificate against the server certificate that is stored in the truststore.
  4. The client sends the server a client certificate.
  5. The server verifies the client's certificate against the client certificate that is stored in the truststore.
  6. Basic authentication credentials (user name and password) are sent to the server because the server is set up to require this information.
  7. The client is allowed to execute a web service.
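
The client side of steps 1 to 7, as an added Python sketch; it is not SOAP Gateway code or configuration. The function names, the PEM file paths and the host passed in are assumptions (a Java truststore or keystore would first have to be exported to PEM). It also refuses to send the basic authentication header unless server certificate verification is enabled, because those credentials are only base64-encoded.

```python
import base64
import http.client
import ssl


def basic_auth_header(user: str, password: str) -> str:
    """Step 6: credentials are base64-encoded, not encrypted; TLS protects them."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def client_context(truststore=None, client_cert=None, client_key=None):
    """Steps 1-5, client side. All three paths are assumed to be PEM files."""
    # PROTOCOL_TLS_CLIENT turns on certificate and host name verification.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if truststore:
        ctx.load_verify_locations(cafile=truststore)  # step 3: trusted server cert
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)  # step 4: cert sent to server
    # With no truststore loaded there are no trust anchors, so handshakes fail closed.
    return ctx


def require_verified(ctx: ssl.SSLContext) -> None:
    """Guard: never send credentials to a server whose certificate is not checked."""
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ValueError("server certificate verification is disabled")


def call_web_service(host, path, soap_body, ctx, user, password, port=443):
    """Step 7: the request is written only after the TLS handshake succeeds."""
    require_verified(ctx)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("POST", path, body=soap_body, headers={
            "Content-Type": "text/xml; charset=utf-8",
            "Authorization": basic_auth_header(user, password),
        })
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()
```

If the server rejects the client certificate in step 5, the handshake fails and an `ssl.SSLError` is raised, so the `Authorization` header is never transmitted.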