3.11.5.2 End-user X509 Certificate Common Processing

If CurrentEndpointConfiguration.CertificateValidation value is 2 ("IssuedByDrs") then the [Serialized Request with Certificate].CertificateUsage MUST be set to 2 ("Device").

If CurrentEndpointConfiguration.CertificateValidation value is 1 ("Ssl") then the [Serialized Request with Certificate].CertificateUsage MUST be set to 1 ("User").

The [Serialized Request with Certificate].Request elements values SHOULD be copied from the incoming HTTP request.

The request SHOULD be made to https://[ServiceConfiguration.ServiceHostName]:[ServiceConfiguration.HttpsPort]/adfs/backendproxytls and the client MUST authenticate with client TLS [RFC2246] using [Client State].TrustCertificate.