Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Client Certificate Authentication

For SSL/TLS client authentication (the client needs to present a certificate to the server), the following properties need to be set in the JVM software running the SSL/TLS client:

Defines the full path to the keystore containing the client certificate and private key. This may be the same as that defined in Server Certificate Authentication.

Takes a value of JKS.

Specifies the password to the keystore. 

On the SSL/TLS server side, the client's CA certificate needs to be imported into the web container's keystore and marked as a trusted issuer of client certificates.