Client side certificates with OpenScript

Similar Messages

• Problem in creating client side PDF with image using flex and AlivePD

  I need a favor I am creating client side PDF with image using flex and AlivePDF for a web based application. Images have been generated on that pdf but it is creating problem for large size images as half of the image disappeared from that pdf.I am taking the image inside a canvas . How do i control my images so that they come fit on that pdf file for any image size that i take.
  Thanks in advance
  Atishay

  I am having a similar and more serious problem. It takes a
  long time to execute, but even attaching a small image balloons the
  pdf to 6MB plus. After a few images it gets up to 20MB. These are
  100k jpeg files being attached. The resulting PDF is too large to
  email or process effectively. Does anyone know how to reduce
  size/processing?

• Steps to upgrade Client Side Xe with apex3.2.1

  Hi,
  I want to upgrade client side xe with apex3.2.1.Please help me to do this.
  can you send me any llink with step by step installation of apex3.2.1 over client xe.
  Thanks & Regards
  Manoj

  Hi manoj;
  Please follow below and see its helpful for your issue, i belive you will find your answer in those links
  http://blogs.oracle.com/SanthoshK/2008/09/oracle_xe_apex_3x_installation.html
  Installation of APEX 3.2 on Oracle 10G Database
  http://apps2fusion.com/at/kr/384-apex
  Regard
  Helios

• Client side eventing with HTMLB in a jsp file

  Hi All,
  Can u give me the solution to work with client side eventing with HTMLB with a jsp page but not with a dynpage.
  Regards,
  sireesha.

  Hi sireesha,
    Check this.
  <%@ taglib uri="tagLib" prefix="hbj" %>
  <%@ page import="com.sapportals.htmlb.enum.EventTrigger,com.sapportals.htmlb.event.Event" %>
  <hbj:content id="myContext" >
  <hbj:page title="PageTitle">
  <script language="Javascript">
  function checkinput(){
       var funcName = htmlb_formid+"_getHtmlbElementId";
       func = window[funcName];
       var inputfield1 = eval(func("inf1"));
       var input1 = inputfield1.getValue();
       if (input1==""){
            alert("Enter mandatory fields");
  </script>
  <hbj:form>
  <hbj:textView id="tv1" text="Name"/>
  <hbj:inputField id="inf1"
  type="String"
  required="true"
  jsObjectNeeded="true">
  <% inf1.setClientEvent(EventTrigger.ON_BLUR, "checkinput()"); %>
  </hbj:inputField>
  <br>
  <hbj:textView id="tv2" text="City"/>
  <hbj:inputField id="inf2" type="String"/>
  <hbj:button id="b1" text ="submit" onClick="onSubmitclicked"/>
  </hbj:form>
  </hbj:page>
  </hbj:content>
  Regards,
  Harini S

• How to implement a client side map with ObjectImage control?

  We need to implement a client side map with an ADF Faces ObjectImage control. In the code below, the JSF Faces GraphicImage contol does support a client side image map using the usemap property. However, it appears that the ADF Faces ObjectImage control does not support a client side map. Is there someway of implementing this functionality in an ObjectImage control?
  <h:graphicImage url="/images/map-usa.gif"
  usemap="#m_mapusa"
  binding="#{backing_map.graphicImage2}"
  id="graphicImage2"
  style="border-style:none;"/>
  <af:objectImage source="/images/map-usa.gif"
  binding="#{backing_map.objectImage2}"
  id="objectImage2" />
  We could use the Graphic Image control except we have a problem by mixing a JSF GraphicImage control in the same table with a variety of ADF Faces controls in that when a user clicks on the GraphicImage, then the browser windows scrolls down to center the GraphicImage control. A user then needs to scroll back up to see the rest of the page. If an ObjectImage control is used with an onClick action, then the page does not scroll, which is what we want. So if we can figure out how to add a client side map to an ObjectImage control we would get the desired results.
  An alternative might be to use a server side map with the ObjectImage control. But our question here is how to implement the existing client side image map in a backing bean. As the following map code shows, not all image map areas are rectangles - some are polygons.
  <area id="_state_05" href="#"
  shape="rect"
  coords="681,38,702,50"
  target="_self" value="VT" alt="Vermont"
  onclick="javascript:getDtl(this);"/>
  <area id="_state_06" href="#"
  shape="poly"
  coords="221,442,209,436,209,418,191,403,155,382,116,367,101,370,98,364,
  122,355,158,367,203,388,212,394,242,427"
  target="_self" value="HI" alt="Hawaii"
  onclick="javascript:getDtl(this);"/>

  Hi,
  Any news about that issue, we are also interested in any solution.
  Thanks
  Math

• Client side paging with jstl or xslt

  Is there any way to provide client side paging with jstl or xslt/xpath. I have a jsp page with a limited amount of data, say less than 30 rows of data. I want to display 10 rows at a time. The data is returned to the page in xml format and I am currently using xslt to display the data (currently displays all rows on the page). I am looking for a way to update my xpath variables so I can provide paging capabilities. Is there any way to get the information from the request from the jsp to the xpath variables? Or does anyone have any other suggestions for implementing client side paging using either xslst - xpath or jstl? Thanks Vic.

  I am loading the entire xml stream in the client and formatting using xslt. I only want to initially display 10 rows. I would like to implement client side paging. Is there any way to communicate with the xpath variables? Javascript?

• How To Use Client Side Certificate to access the SOAP service

  HI,
  I am client side and need to access a remote SOAP server side using a certificate.
  I don't know how to add the certificate in my Java code, although I can get it using X509Certificate. The following is my code.
  Thanks for any help
  public class Dash911 {
  public static void main(String args[]) throws IOException {
  try {
       //I have a Cert class that generate the cert          
  X509Certificate certificate = (new Cert()).getCertificate();
  String targetURI= "http://schemas.ecs.telefinity.com/webservices/postal/";
  String methodName = "FindStreet";
  String encodingStyleURI = Constants.NS_URI_SOAP_ENC;
  Vector params = new Vector();
       String[] names = {"Westcorp", "35805"};
       params.addElement(new Parameter("names", names.getClass(), names, null));
       String endpointURL = "https://prototype.test.telefinity.com/integrationprovisioning/postal.asmx";
       makeCall(targetURI, methodName, encodingStyleURI, null, params, endpointURL);
       } catch (Throwable t) {
       }//main          
  Thanks a lot

  Keystore or Truststore may be rigtht the same file, the matter is how you use it
  at each time: if you need to authenticate yourself (no matter wether you are a
  server or a client), you will have to initiate your SSLcontext with such file
  managed by TrustManager. On the other hand, you just do same but
  indicating your file is shall be managed by a KeyManager.

• Client side playlist with dynamicaly streamed items possible?

  Hey,
  is there a way to define a client side playlist like this:
  ns.play(      "stream1",      0,      30              );
  ns.play(      "stream2",      10,    -1, false      );
  ns.play( "     stream3",      0,      -1, false      );
  ns.play(      "stream4",      30,    120, false    );
  but instead of a single videofiles for each playlistentry use dynamic streaming?
  I know how the DynamicStream class is working and how to set it up but i can't find any information if it is possible to combined those two techniques.
  Thanks for any suggestions.

  Yes upto a certain extent you can achieve it, see below approach if it suits you. You can have playlist as xml file and each video tag will represent single item in playlist. So suppose you have xml file with video tags as below:
  <videoList vodurl="rtmp://localhost/myapp">
  <video>
                    <label>flv:stream</label>
                     <data>stream1,stream2,stream3</data>
                     <bitrate>100,200,350</bitrate>
  </video>
  <video>
                     <label>mp4:stream</label>
                      <data>mp4:stream1.mp4,mp4:stream2.mp4,mp4:stream3.mp4</data>
                      <bitrate>100,200,350</bitrate>
  </video>
  </videoList>
  Then you need to create dynamic stream item("dsi") as below for each video tag and create array of "dsi".
  var dsi:DynamicStreamItem = new DynamicStreamItem();
  dsi.addStream( "mp4:stream1.mp4", 100);
  dsi.addStream( "mp4:stream2.mp4", 200 );
  dsi.addStream( "mp4:stream3.mp4", 350 );
  ds.startPlay( dsi );
  Then iterate each item of array, while you are playing first item of array then based on netstatus messages like "NetStream.Play.Complete" you can decide to move on to next item in array. So in this way you can create client side playlist.
  Regards,
  Amit

• Benefits of Client Side Monitoring with SCOM 2012R2?

  I'm working on the architecture for adding SCOM 2012R2 to our Windows network.  Right now we use SCCM 2012R2 and SCEP.  I'm trying to determine whether I should include our workstation computers as part of this or only servers.  We won't
  be doing Application Performance Monitoring (APM).  So what would be the benefit of putting the SCOM agent on the workstations?
  # When I wrote this script only God and I knew what I was doing. # Now, only God Knows!

  Hi,
  As it was mentioned by Yan Li_ first thing to do is the proper planning and comparing all pros and cons of SCOM client monitoring, depending on numbers of agent\agentless servers\workstations to be monitored. With a large number of agentless monitored
  clients, it makes sense to have a separate SCOM infrastructure.
  As well, please look at this links:
  http://stefanroth.net/2013/05/27/scom-agentless-exception-monitoring-aem-faq/
  http://stefanroth.net/2013/05/14/scom-2012-custom-aem-reports/
  http://www.ms-opsmgr.eu/?p=332
  Natalya
  ### If my post helped you, please take a moment to Vote as Helpful and\or Mark as an Answer

• Client side validation with submit button in another region

  Hi,
  I have two regions, one containing a form with input texts for the user to fill in, and another region with a command button. A few of the input fields use the ADF "required" validator.
  My problem is that when I click the submit button, and it does some logic to commit the form to a data base, even if the validator triggers and says that one of the required fields is empty, all the other fields get committed, except the ones that are empty. They get the last valid value.
  What I want is the button to trigger the ADF message that doesn't allow the user to continue with the update. This doesn't happen though.
  Anyone have any ideas? If you need a more thorough explanation, please let me know.

  Regions work as indipendent pages.
  Yet if submit buttons are partialSubmit="false" then both regions (pages are submited).
  Still there is a bug when commiting data:
  [http://adfbugs.blogspot.com/2009/08/page-with-region-validations-bug.html]

• Client side eventing with HTMLB

  Hi All,
  I am trying to access the HTMLB elements from jsp page to java script and failed to handle an event.
  My requirement is, i have a form designed in First.jsp which is having 2 input fileds and both are mandatory. I want to display a msg to the user if he try to skip those 2 input fileds without value.
  This i tried with dynpage it is working but i want to have with a JSP page, ie., all the presentation is in jsp file. so, how can i access those 2 input fileds in java scipt function?
  If anybopdy is having an idea or a sample code please share here.
  Thanks in advance,
  Regards,
  sireesha.

  Hi Harini,
  Thanks for your reply.I tried the same code but it is not showing the alert, i couldn't find where exactly the problem is!
  Here i am putting my code please go through it and help me.
  JSP file:
  <%@ taglib uri="tagLib" prefix="hbj" %>
  <%@ page import="com.sapportals.htmlb.enum.EventTrigger,com.sapportals.htmlb.event.Event" %>
  <hbj:content id="myContext" >
    <hbj:page title="PageTitle">
    <script language="Javascript">
            function checkinput(){
            var funcName = htmlb_formid+"_getHtmlbElementId";
            func = window[funcName];
            var inputfield1 = eval(func("inf1"));
            var input1 = inputfield1.getValue();
            if (input1==null)
            alert("Enter mandatory fields");
       </script>
     <hbj:form>
         <hbj:textView id="tv1" text="Name"/>
            <hbj:inputField id="inf1"
                            type="String"
                            required="true">
         <% inf1.setJsObjectNeeded(true);
         inf1.setClientEvent(EventTrigger.ON_BLUR, "checkinput()"); %>
         </hbj:inputField>
         <br>
         <hbj:textView id="tv2" text="City"/>
         <hbj:inputField id="inf2" type="String"/>
         <hbj:button id="b1" text ="submit" onClick="onSubmitclicked"/> 
      </hbj:form>
    </hbj:page>
  </hbj:content>
  Regards,
  sireesha.

• Cannot record/playback script with certificate in OpenScript.

  Hi all,
  We are trying to record a simple load testing login script with a certificate, in OpenScript.
  But Internet Explorer just "hangs" for a long time where the certificate selection dialog is supposed to show up, then the message "Content-Length: 0 Connection: Keep-Alive" is shown in the browser.
  It doesn't work as an OpneScript functional test either. We can record the functional script, but at playback it fails to select a certificate in the "choose a digital certificate" dialog and eventually gets a timeout.
  Anyone having this problem?
  Axel

  Hi,
  I can't post the information here but might be able to send them on mail if needed.
  Addition: We can not make a simple HTTPS login-script even without a client-side certificate.
  Axel

• Having problem with client side Authentication.

  Hi,
  I am haveing a problem enabling client side authentication with SSL on
  weblogic 5.1.
  I have set up the .properties files as explained, however it appears
  my client is not sending a certificate back to the server. The same
  client however works perfectly (using the same keystore file) with a
  sample ClassFileSErver webserver from the jsse distribution. (the
  client is a very slightly modified version of
  SSLSocketClientWithClientAuth sample that comes with Jsse)
  Below I've included a section of the debug dump from the interactions.
  The only other difference I can see is the cipher suites offered by
  the servers.
  Weblogic offers type 0 or 9, and agrees on type 9
  (SSL_RSA_WITH_DES_CBC_SHA), whereas ClassFileServer offer type 0 or 5
  and settles on type 5 (SSL_RSA_WITH_RC4_128_SHA).
  I am using the same keystore for both examples. Both servers request
  an RSA client cert.... I'm out of ideas.
  Any help would be greatfully received.
  Cheers,
  Keith
  Debug dump information
  =====================================
  1/Weblogic server.
  *** CertificateRequest
  Cert Types: RSA,
  Cert Authorities:
  <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
  <[email protected], CN=Demo Certificate Authority,
  OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US>
  <CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification,
  ST=FOR TESTING PURPOSES ONLY, C=ZA>
  [read] MD5 and SHA1 hashes: len = 427
  0000: 0D 00 01 A7 01 01 01 A3 00 67 30 65 31 0B 30 09
  .........g0e1.0.
  0010: 06 03 55 04 06 13 02 69 65 31 0F 30 0D 06 03 55
  ..U....ie1.0...U
  0020: 04 08 13 06 44 75 62 6C 69 6E 31 0F 30 0D 06 03
  ....Dublin1.0...
  0030: 55 04 07 13 06 44 75 62 6C 69 6E 31 12 30 10 06
  U....Dublin1.0..
  0040: 03 55 04 0A 13 09 69 74 73 6D 6F 62 69 6C 65 31
  .U....itsmobile1
  0050: 12 30 10 06 03 55 04 0B 13 09 69 74 73 6D 6F 62
  .0...U....itsmob
  0060: 69 6C 65 31 0C 30 0A 06 03 55 04 03 13 03 4B 20
  ile1.0...U....K
  0070: 48 00 AC 30 81 A9 31 0B 30 09 06 03 55 04 06 13
  H..0..1.0...U...
  0080: 02 55 53 31 13 30 11 06 03 55 04 08 13 0A 43 61
  .US1.0...U....Ca
  0090: 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04
  lifornia1.0...U.
  00A0: 07 13 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F ...San
  Francisco
  00B0: 31 15 30 13 06 03 55 04 0A 13 0C 42 45 41 20 57
  1.0...U....BEA W
  00C0: 65 62 4C 6F 67 69 63 31 11 30 0F 06 03 55 04 0B
  ebLogic1.0...U..
  00D0: 13 08 53 65 63 75 72 69 74 79 31 23 30 21 06 03
  ..Security1#0!..
  00E0: 55 04 03 13 1A 44 65 6D 6F 20 43 65 72 74 69 66 U....Demo
  Certif
  00F0: 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 31 icate
  Authority1
  0100: 1E 30 1C 06 09 2A 86 48 86 F7 0D 01 09 01 16 0F
  .0...*.H........
  0110: 73 75 70 70 6F 72 74 40 62 65 61 2E 63 6F 6D 00
  [email protected].
  0120: 8A 30 81 87 31 0B 30 09 06 03 55 04 06 13 02 5A
  .0..1.0...U....Z
  0130: 41 31 22 30 20 06 03 55 04 08 13 19 46 4F 52 20 A1"0
  ..U....FOR
  0140: 54 45 53 54 49 4E 47 20 50 55 52 50 4F 53 45 53 TESTING
  PURPOSES
  0150: 20 4F 4E 4C 59 31 1D 30 1B 06 03 55 04 0A 13 14
  ONLY1.0...U....
  0160: 54 68 61 77 74 65 20 43 65 72 74 69 66 69 63 61 Thawte
  Certifica
  0170: 74 69 6F 6E 31 17 30 15 06 03 55 04 0B 13 0E 54
  tion1.0...U....T
  0180: 45 53 54 20 54 45 53 54 20 54 45 53 54 31 1C 30 EST TEST
  TEST1.0
  0190: 1A 06 03 55 04 03 13 13 54 68 61 77 74 65 20 54
  ...U....Thawte T
  01A0: 65 73 74 20 43 41 20 52 6F 6F 74 est CA Root
  main, READ: SSL v3.0 Handshake, length = 4
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  main, SEND SSL v3.0 ALERT: warning, description = no_certificate
  main, WRITE: SSL v3.0 Alert, length = 2
  And below is a sample when I used the ClassFileServer.
  This time the client (same src) returned a certificate.
  2/ClassFileSErver (from Sun Jsse distribution)
  *** CertificateRequest
  Cert Types: DSS, RSA,
  Cert Authorities:
  <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
  [read] MD5 and SHA1 hashes: len = 114
  0000: 0D 00 00 6E 02 02 01 00 69 00 67 30 65 31 0B 30
  ...n....i.g0e1.0
  0010: 09 06 03 55 04 06 13 02 69 65 31 0F 30 0D 06 03
  ...U....ie1.0...
  0020: 55 04 08 13 06 44 75 62 6C 69 6E 31 0F 30 0D 06
  U....Dublin1.0..
  0030: 03 55 04 07 13 06 44 75 62 6C 69 6E 31 12 30 10
  .U....Dublin1.0.
  0040: 06 03 55 04 0A 13 09 69 74 73 6D 6F 62 69 6C 65
  ..U....itsmobile
  0050: 31 12 30 10 06 03 55 04 0B 13 09 69 74 73 6D 6F
  1.0...U....itsmo
  0060: 62 69 6C 65 31 0C 30 0A 06 03 55 04 03 13 03 4B
  bile1.0...U....K
  0070: 20 48 H
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  matching client alias : rsakey
  *** Certificate chain

  Matt,
  Did you read this article:
  https://wiki.sdn.sap.com/wiki/display/BSP/Using%20Proxies
  This explains how to properly setup the HTTPURLLOC table.
  In your case you should have entries that look something like this:
  40 HTTP   * <internal host name> <https port>
  50 HTTPS * <external host name> <https port>
  In addition you need to run the report to determine if the proxy configuration is setup properly.  The URL should be run with the
  https://<externalhostname>/sap/bc/bsp/sap/system_test/test_proxy.htm
  Take care,
  Stephen

• How to call the client side procedure...with trigger code

  hi
  i have made a client side procedure with one IN PARAMETER having datatype number. i call this procedure through a button in which i declare a CURSOR
  (all_emp)...so in the BEGIN SECTION i make a loop as (FOR e IN all_emp LOOP) and then call the client side procedure as CALC_EMP_PR_ALW_DED(e.emp_id); but here the error show that is statment ignored....
  so plz help me that where i am wrong.... here is the trigger code
  working in forms 6i...
  IF SHOW_LOV('LOV_EMP') THEN
       NULL;
  END IF;
  DECLARE
       CURSOR all_emp IS
                 SELECT DISTINCT e.emp_id
                 FROM alw_ded ad,emp_alw_ded ead,emp e
                 WHERE NVL(ead.status,'A') = 'A'
                 AND NVL(e.stat,'A') = 'A'
                 AND ead.ad_id = ad.ad_id
                 AND e.emp_id = ead.emp_id
                 AND ead.emp_id = :CON_BLK.emp_id;
  BEGIN
            FOR e IN all_emp LOOP
                 CALC_EMP_PR_ALW_DED(e.emp_id);
            END LOOP;
  END;
  thankx in advance

  yes i did same and i send u the procedure code as... now i wnt to use these
  PROCEDURE CALC_EMP_PR_ALW_DED(P_EMP_ID IN NUMBER) IS
  v_basic NUMBER; --Basic Pay of employee
  v_l_p CHAR(1); -- Percentage or Lump sum
  v_amount NUMBER; -- Amount or value of Allow/ded/contr
  v_max_limit NUMBER;
  v_type NUMBER; -- Allow/ded/cont          
  v_b_g CHAR(1); -- Basic or Gross
  v_min_limit NUMBER;
  v_emp_id NUMBER;
  v_user Varchar2(20);
  v_gross NUMBER;
  v_max_amount NUMBER; -- DEDUCTION ACTUAL AMOUNT NOT MAX
  up_limit NUMBER;
  new_amt number;
  CURSOR all_alw_ded IS
       SELECT ad.abbre,ead.ead_id,e.emp_id,descrip,l_p,ad.amount,nvl(ad.max_limit,0) max_limit,b_g,ad.type,nvl(ad.min_limit,0) min_limit
                 FROM alw_ded ad,emp_alw_ded ead,emp e
                 WHERE NVL(ead.status,'A') = 'A'
                 AND NVL(ad.TYPE,'A') = 'A'
                 AND ead.ad_id = ad.ad_id
                 AND e.emp_id = ead.emp_id
                 AND e.emp_id = P_EMP_ID;
  BEGIN
            SELECT USER
            INTO v_user
            FROM
            DUAL;
                 FOR e IN all_alw_ded LOOP
                                IF e.type = 'A' THEN
                                new_amt := Trunc(e.amount);
                                ELSE
                                     new_amt := Round(e.amount);
                                END IF;
                           IF e.l_p = 'P' AND e.b_g = 'B' THEN
                                v_basic := nvl(HRPR.EMP_BASIC(e.emp_id),0);
                           END IF;          
                                     SELECT nvl(BASIC_PAY,0) INTO v_basic FROM EMP WHERE EMP_ID=P_EMP_ID;
                                     IF NVL(e.max_limit,0) > 0 THEN
                                          up_limit := nvl(((v_basic * nvl(e.amount,0))/100),0);     
                                          IF up_limit > e.max_limit THEN
                                               v_max_amount := nvl(e.max_limit,0);
                                     --     v_max_amount :=100;
                                          ELSE
                                               v_max_amount := ((nvl(v_basic,0) * nvl(e.amount,0))/100);
                                          END IF;
                                          ELSE
                                               v_max_amount := ((nvl(v_basic,0) * nvl(e.amount,0))/100);
                                               --     v_max_amount :=200;
                                          END IF;
                           IF e.l_p = 'P' AND e.b_g = 'G' THEN -- %AGE AND GROSS... CHECK NOT PRESENT...?? AHSAN 10-09-05
                                v_gross := HRPR.EMP_GROSS(e.emp_id);
                                IF e.type = 'A' THEN
                                     new_amt := Trunc((v_gross * e.amount)/100);
                                ELSE
                                     new_amt := Round((v_gross * e.amount)/100);
                                END IF;
                           END IF;
                 END LOOP;
            END;
  -- END; ------- PROCEDURE END

• Client side authentication, 2 sided SSL

  Hi,
  Is using client side SSL auth. effective when working (via webservice) with a load balancer (SSL termination) that passes requests to a server connected to it?
  Is this ok? considered a best practice? does the client side certificate add any security?
  THANKS!

  I agree with you sabre150. However, I was restricting my comments to the authentication part of Access Control (which I once defined in a book as being a three-part protocol dance, where every part is related, but independent):
  i) Identification - where someone claims to be somebody who needs access to a resource;
  2) Authentication - where that someone has to prove they are who they claim to be; and
  3) Authorization - where the system determines if that authenticated entity is authorized to access the resource.
  Sending the Client SSL certificate is Identification (anyone can do this so it doesn't prove anything). Digitally signing the nonce sent by the server is the proof (and the Authentication part of the dance). Verifying authorization is completely separate from the authentication part of the decision (which is what you referred to).
  Many people confuse all three steps as "authentication" because it happens seamlessly on most systems; but in reality, they are distinct parts that can be interchanged - you can use a username-string as an identifier, a password as an authenticator and a UNIX group membership for authorization. You can also use an LDAP DN as an identifier, a digital signature as an authenticator and a XACML rule-set for authorization - and so on.
  In the end, a system must do all three parts of the dance to provide access to protected resources; SSL ClientAuth focuses on only the authentication part of the dance; and for SSL ClientAuth to be considered secure, the protection of the Private Key becomes the single most important determinant. Everything after the verification of the digital signature is an authorization decision (which you pointed out).
  (Sorry for the long answer, but I often make mistaken assumptions that cause me to write more cryptically than I should).
  Arshad Noor
  StrongAuth, Inc.