This rule flags the following references in the web.xml deployment descriptor:
<auth-method>CLIENT-CERT</auth-method>For HTTPS requests, the cloud platform router handles the Secure Socket Layer (SSL) authentication and forwards the unencrypted request to the application's HTTP port. None of the information about the secure request, such as the cipher suites or certificates used, is passed to the application. Without this information, an application that requires authentication based on client certificates might not work correctly in cloud platforms.
Modify the application to use other authentication methods that do not rely on SSL information, such as the FORM authentication. In Liberty for Java on IBM Cloud, use the Single Sign-On (SSO) service to provide authentication support based on OpenID/OAuth.
For more information, see Single sign-on (SSO).