3.1.5.2 Issuer based certificate challenge response
The server's response is a challenge for proof of possession of a private key for a certificate that is acceptable to the server, as described in section 3.2.5.1. The server's challenge from section 3.2.5.1 is converted into an [Issuer based certificate challenge], and a signed JWT token is created on the client from the [Issuer based certificate challenge], as defined in the processing details (section 3.1.5.2.3). The client then responds to the server with a challenge response as defined in section 3.1.5.2.1.
Note that an [Issuer based certificate challenge], which is used only locally for message processing, is a tuple with the following definition.
[Issuer based certificate challenge] = [ SubmitUrl, string; CertAuthorities, string; ServerContext, string; Nonce, string ]