And one again replying to myself.
Now the scenrio is up completely. Standalone client calling EJB on server one which is in turn calling EJB on server two. Both calls are set up with mutual ssl enforced by the EJB deployment descriptors. ClientAuth property on both servers enabled or disabled does not make any difference but the desired effect, a trusted domain, should be enforced by the deployment descriptors alone anyways.
But the authenticated subject is not propagated through the call stack by the CSIv2 layer as it should. Instead the calling subject on both servers is shown as the certificated used to authenticate the client side.
All I wann know is, if there is any mistake on my side or if this is some kind of bug.
Cheers,
Chris
[Message sent by forum member 'candlejack' (candlejack)]
http://forums.java.net/jive/thread.jspa?messageID=305986