I would like to know whether WebSphere Full Profile (8.5.5.x or 9.x) has any capability to make the SSL Settings QoP “Client authentication” Required for **only** a specific path of an application?
The use-case is that a customer wants to use it for mutual authentication of REST APIs, but not require it for a user interface application that users log in to using a totally different authentication method. Both applications are deployed in the same .ear file.
Currently it appears that the configuration of Client authentication is done at the Cell or Node level through https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/csec_ssl_clientauth.html