diff --git a/docs/assets/client-authorization-flow.drawio.svg b/docs/assets/client-authorization-flow.drawio.svg
new file mode 100644
index 0000000..371cddc
--- /dev/null
+++ b/docs/assets/client-authorization-flow.drawio.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than draw.io -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="621px" height="1121px" viewBox="-0.5 -0.5 621 1121" class="ge-export-svg-auto" content="&lt;mxfile host=&quot;app.diagrams.net&quot; agent=&quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36&quot; version=&quot;24.8.3&quot; scale=&quot;1&quot; border=&quot;0&quot;&gt;&#10;  &lt;diagram name=&quot;Page-1&quot; id=&quot;LZZ-MgC363mt_nKGfgK0&quot;&gt;&#10;    &lt;mxGraphModel dx=&quot;1572&quot; dy=&quot;1132&quot; grid=&quot;1&quot; gridSize=&quot;10&quot; guides=&quot;1&quot; tooltips=&quot;1&quot; connect=&quot;1&quot; arrows=&quot;1&quot; fold=&quot;1&quot; page=&quot;1&quot; pageScale=&quot;1&quot; pageWidth=&quot;850&quot; pageHeight=&quot;1100&quot; math=&quot;0&quot; shadow=&quot;0&quot;&gt;&#10;      &lt;root&gt;&#10;        &lt;mxCell id=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;1&quot; parent=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; value=&quot;X509 Certificate Based Client Authorization Flow&quot; style=&quot;swimlane;childLayout=stackLayout;resizeParent=1;resizeParentMax=0;horizontal=1;startSize=20;horizontalStack=0;html=1;&quot; vertex=&quot;1&quot; parent=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;110&quot; y=&quot;220&quot; width=&quot;620&quot; height=&quot;1120&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-2&quot; value=&quot;Client&quot; style=&quot;swimlane;startSize=20;horizontal=0;html=1;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot;&gt;&#10;          &lt;mxGeometry y=&quot;20&quot; width=&quot;620&quot; height=&quot;90&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-12&quot; value=&quot;Send request&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.start_2;whiteSpace=wrap;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;align=center;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-2&quot;&gt;&#10;          &lt;mxGeometry x=&quot;50&quot; y=&quot;10&quot; width=&quot;30&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; value=&quot;Keycloak&quot; style=&quot;swimlane;startSize=20;horizontal=0;html=1;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot;&gt;&#10;          &lt;mxGeometry y=&quot;110&quot; width=&quot;620&quot; height=&quot;340&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-15&quot; value=&quot;Verify client certificate (optional)&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;50&quot; y=&quot;20&quot; width=&quot;150&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-137&quot; value=&quot;&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-136&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot; value=&quot;X509 Certificate Client Authenticator&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;450&quot; y=&quot;270&quot; width=&quot;140&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-129&quot; value=&quot;INVALID&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-122&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-128&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-122&quot; value=&quot;&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.decision;whiteSpace=wrap;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;100&quot; y=&quot;100&quot; width=&quot;50&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-124&quot; value=&quot;&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-15&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-122&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-128&quot; value=&quot;Disconnect&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;250&quot; y=&quot;100&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-132&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-130&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-131&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-130&quot; value=&quot;Is request for client with X509 Authenticator configured?&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;50&quot; y=&quot;190&quot; width=&quot;150&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-126&quot; value=&quot;VALID (OR NO CLIENT CERT)&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-122&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-130&quot;&gt;&#10;          &lt;mxGeometry x=&quot;-0.2083&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-135&quot; value=&quot;NO&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-131&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-134&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-131&quot; value=&quot;&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.decision;whiteSpace=wrap;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;100&quot; y=&quot;270&quot; width=&quot;50&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-134&quot; value=&quot;Continue with other client authenticator.&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;250&quot; y=&quot;270&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-136&quot; value=&quot;Authorize request&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.start_2;whiteSpace=wrap;verticalAlign=bottom;labelPosition=center;verticalLabelPosition=top;align=center;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-4&quot;&gt;&#10;          &lt;mxGeometry x=&quot;505&quot; y=&quot;205&quot; width=&quot;30&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-18&quot; style=&quot;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;edgeStyle=orthogonalEdgeStyle;elbow=vertical;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-12&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-11&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-20&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-11&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-15&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-65&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-62&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-71&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-69&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-106&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-39&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; value=&quot;Envoy X509 client certificate lookup&quot; style=&quot;swimlane;startSize=20;horizontal=0;html=1;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot;&gt;&#10;          &lt;mxGeometry y=&quot;450&quot; width=&quot;620&quot; height=&quot;670&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-21&quot; value=&quot;Is cert-path-verify configured?&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;50&quot; y=&quot;20&quot; width=&quot;150&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-40&quot; value=&quot;NO&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.903;exitY=0.485;exitDx=0;exitDy=0;exitPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-23&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-39&quot;&gt;&#10;          &lt;mxGeometry x=&quot;0.0225&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-58&quot; value=&quot;YES&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-23&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-57&quot;&gt;&#10;          &lt;mxGeometry x=&quot;-0.1429&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-23&quot; value=&quot;&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.decision;whiteSpace=wrap;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;100&quot; y=&quot;100&quot; width=&quot;50&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-24&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-21&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-23&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-39&quot; value=&quot;Return client certificate from the XFCC header (if any).&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;311.25&quot; y=&quot;100&quot; width=&quot;155&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-61&quot; value=&quot;&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-57&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-59&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-57&quot; value=&quot;Check if the received request includes a client certificate in the TLS layer.&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;45&quot; y=&quot;190&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-63&quot; value=&quot;NO&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-59&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-62&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-67&quot; value=&quot;YES&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-59&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-101&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;180&quot; y=&quot;370&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-59&quot; value=&quot;&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.decision;whiteSpace=wrap;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;100&quot; y=&quot;270&quot; width=&quot;50&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-62&quot; value=&quot;Do not return client certificate.&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;311.25&quot; y=&quot;270&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-68&quot; value=&quot;DOES NOT MATCH&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-104&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-69&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;300&quot; y=&quot;464.9999999999998&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;240.00000000000023&quot; y=&quot;385&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-69&quot; value=&quot;Return client certificate from TLS layer.&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;311.25&quot; y=&quot;440&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-105&quot; value=&quot;&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-101&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-104&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-101&quot; value=&quot;Attempt to verify the TLS layer client certificate path with given criteria.&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;45&quot; y=&quot;360&quot; width=&quot;160&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-109&quot; value=&quot;MATCHES&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-104&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-114&quot;&gt;&#10;          &lt;mxGeometry x=&quot;0.4102&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;125&quot; y=&quot;530&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-104&quot; value=&quot;&quot; style=&quot;strokeWidth=2;html=1;shape=mxgraph.flowchart.decision;whiteSpace=wrap;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;100&quot; y=&quot;440&quot; width=&quot;50&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-114&quot; value=&quot;Return client certificate from the XFCC header (if any).&quot; style=&quot;rounded=1;whiteSpace=wrap;html=1;absoluteArcSize=1;arcSize=14;strokeWidth=2;&quot; vertex=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-10&quot;&gt;&#10;          &lt;mxGeometry x=&quot;310&quot; y=&quot;590&quot; width=&quot;157.5&quot; height=&quot;50&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-116&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-114&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-64&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-121&quot; value=&quot;&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-15&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-11&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-133&quot; value=&quot;YES&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-131&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-21&quot;&gt;&#10;          &lt;mxGeometry x=&quot;-0.5&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint as=&quot;offset&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;jJJ6bTEQGA4TlNa4jCcB-140&quot; style=&quot;edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;&quot; edge=&quot;1&quot; parent=&quot;jJJ6bTEQGA4TlNa4jCcB-1&quot; source=&quot;jJJ6bTEQGA4TlNa4jCcB-12&quot; target=&quot;jJJ6bTEQGA4TlNa4jCcB-15&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;      &lt;/root&gt;&#10;    &lt;/mxGraphModel&gt;&#10;  &lt;/diagram&gt;&#10;&lt;/mxfile&gt;&#10;"><defs><style type="text/css">@media (prefers-color-scheme: dark) {&#xa;svg.ge-export-svg-auto:not(mjx-container &gt; svg) { filter: invert(100%) hue-rotate(180deg); }&#xa;svg.ge-export-svg-auto foreignObject img,&#xa;svg.ge-export-svg-auto image:not(svg.ge-export-svg-auto switch image),&#xa;svg.ge-export-svg-auto svg:not(mjx-container &gt; svg)&#xa;{ filter: invert(100%) hue-rotate(180deg) }&#xa;}</style></defs><g><g data-cell-id="0"><g data-cell-id="1"><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-1"><g><path d="M 0 20 L 0 0 L 620 0 L 620 20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 0 20 L 0 1120 L 620 1120 L 620 20" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 0 20 L 620 20" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 10px; margin-left: 310px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">X509 Certificate Based Client Authorization Flow</div></div></div></foreignObject><text x="310" y="14" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle" font-weight="bold">X509 Certificate Based Client Authorization Flow</text></switch></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-2"><g><path d="M 20 20 L 0 20 L 0 110 L 20 110" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 20 20 L 620 20 L 620 110 L 20 110" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 20 20 L 20 110" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/></g><g><g transform="translate(-0.5 -0.5)rotate(-90 10 65)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 65px; margin-left: 10px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Client</div></div></div></foreignObject><text x="10" y="69" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle" font-weight="bold">Client</text></switch></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-12"><g><ellipse cx="65" cy="45" rx="15" ry="15" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 28px; height: 1px; padding-top: 67px; margin-left: 51px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Send request</div></div></div></foreignObject><text x="65" y="79" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Send...</text></switch></g></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-4"><g><path d="M 20 110 L 0 110 L 0 450 L 20 450" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 20 110 L 620 110 L 620 450 L 20 450" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 20 110 L 20 450" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/></g><g><g transform="translate(-0.5 -0.5)rotate(-90 10 280)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 280px; margin-left: 10px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Keycloak</div></div></div></foreignObject><text x="10" y="284" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle" font-weight="bold">Keycloak</text></switch></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-15"><g><rect x="50" y="130" width="150" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 155px; margin-left: 51px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Verify client certificate (optional)</div></div></div></foreignObject><text x="125" y="159" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Verify client certificate...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-137"><g><path d="M 520 380 L 520 360 L 520 365 L 520 351.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 520 346.12 L 523.5 353.12 L 520 351.37 L 516.5 353.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-64"><g><rect x="450" y="380" width="140" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 405px; margin-left: 451px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">X509 Certificate Client Authenticator</div></div></div></foreignObject><text x="520" y="409" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">X509 Certificate Client...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-129"><g><path d="M 150 235 L 243.63 235" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 248.88 235 L 241.88 238.5 L 243.63 235 L 241.88 231.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 235px; margin-left: 200px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">INVALID</div></div></div></foreignObject><text x="200" y="238" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">INVALID</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-122"><g><path d="M 125 210 L 150 235 L 125 260 L 100 235 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-124"><g><path d="M 125 180 L 125 200 L 125 190 L 125 203.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 208.88 L 121.5 201.88 L 125 203.63 L 128.5 201.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-128"><g><rect x="250" y="210" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 235px; margin-left: 251px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Disconnect</div></div></div></foreignObject><text x="330" y="239" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Disconnect</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-132"><g><path d="M 125 350 L 125 370 L 125 360 L 125 373.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 378.88 L 121.5 371.88 L 125 373.63 L 128.5 371.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-130"><g><rect x="50" y="300" width="150" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 325px; margin-left: 51px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Is request for client with X509 Authenticator configured?</div></div></div></foreignObject><text x="125" y="329" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Is request for client wit...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-126"><g><path d="M 125 260 L 125 293.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 298.88 L 121.5 291.88 L 125 293.63 L 128.5 291.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 276px; margin-left: 125px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">VALID (OR NO CLIENT CERT)</div></div></div></foreignObject><text x="125" y="279" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">VALID (OR NO CLIENT CERT)</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-135"><g><path d="M 150 405 L 243.63 405" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 248.88 405 L 241.88 408.5 L 243.63 405 L 241.88 401.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 405px; margin-left: 200px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">NO</div></div></div></foreignObject><text x="200" y="408" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">NO</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-131"><g><path d="M 125 380 L 150 405 L 125 430 L 100 405 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-134"><g><rect x="250" y="380" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 405px; margin-left: 251px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Continue with other client authenticator.</div></div></div></foreignObject><text x="330" y="409" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Continue with other client...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-136"><g><ellipse cx="520" cy="330" rx="15" ry="15" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 28px; height: 1px; padding-top: 312px; margin-left: 506px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Authorize request</div></div></div></foreignObject><text x="520" y="312" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Autho...</text></switch></g></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-65"><g><path d="M 471.25 745 L 520 745 L 520 436.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 520 431.12 L 523.5 438.12 L 520 436.37 L 516.5 438.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-71"><g><path d="M 471.25 915 L 520 915 L 520 436.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 520 431.12 L 523.5 438.12 L 520 436.37 L 516.5 438.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-106"><g><path d="M 466.25 575 L 520 575 L 520 436.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 520 431.12 L 523.5 438.12 L 520 436.37 L 516.5 438.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-10"><g><path d="M 20 450 L 0 450 L 0 1120 L 20 1120" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 20 450 L 620 450 L 620 1120 L 20 1120" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 20 450 L 20 1120" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/></g><g><g transform="translate(-0.5 -0.5)rotate(-90 10 785)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 785px; margin-left: 10px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: nowrap;">Envoy X509 client certificate lookup</div></div></div></foreignObject><text x="10" y="789" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle" font-weight="bold">Envoy X509 client certificate lookup</text></switch></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-21"><g><rect x="50" y="470" width="150" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 495px; margin-left: 51px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Is cert-path-verify configured?</div></div></div></foreignObject><text x="125" y="499" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Is cert-path-verify confi...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-40"><g><path d="M 145.15 574.25 L 230.7 574.3 L 304.88 574.94" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310.13 574.99 L 303.1 578.43 L 304.88 574.94 L 303.16 571.43 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 574px; margin-left: 230px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">NO</div></div></div></foreignObject><text x="230" y="578" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">NO</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-58"><g><path d="M 125 600 L 125 633.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 638.88 L 121.5 631.88 L 125 633.63 L 128.5 631.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 617px; margin-left: 125px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">YES</div></div></div></foreignObject><text x="125" y="620" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">YES</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-23"><g><path d="M 125 550 L 150 575 L 125 600 L 100 575 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-24"><g><path d="M 125 520 L 125 540 L 125 530 L 125 543.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 548.88 L 121.5 541.88 L 125 543.63 L 128.5 541.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-39"><g><rect x="311.25" y="550" width="155" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 153px; height: 1px; padding-top: 575px; margin-left: 312px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Return client certificate from the XFCC header (if any).</div></div></div></foreignObject><text x="389" y="579" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Return client certificate...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-61"><g><path d="M 125 690 L 125 710 L 125 700 L 125 713.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 718.88 L 121.5 711.88 L 125 713.63 L 128.5 711.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-57"><g><rect x="45" y="640" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 665px; margin-left: 46px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Check if the received request includes a client certificate in the TLS layer.</div></div></div></foreignObject><text x="125" y="669" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Check if the received requ...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-63"><g><path d="M 150 745 L 304.88 745" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310.13 745 L 303.13 748.5 L 304.88 745 L 303.13 741.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 745px; margin-left: 231px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">NO</div></div></div></foreignObject><text x="231" y="748" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">NO</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-67"><g><path d="M 125 770 L 125 803.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 808.88 L 121.5 801.88 L 125 803.63 L 128.5 801.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 790px; margin-left: 125px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">YES</div></div></div></foreignObject><text x="125" y="793" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">YES</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-59"><g><path d="M 125 720 L 150 745 L 125 770 L 100 745 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-62"><g><rect x="311.25" y="720" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 745px; margin-left: 312px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Do not return client certificate.</div></div></div></foreignObject><text x="391" y="749" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Do not return client certi...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-68"><g><path d="M 150 915 L 304.88 915" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310.13 915 L 303.13 918.5 L 304.88 915 L 303.13 911.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 915px; margin-left: 231px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">DOES NOT MATCH</div></div></div></foreignObject><text x="231" y="918" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">DOES NOT MATCH</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-69"><g><rect x="311.25" y="890" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 915px; margin-left: 312px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Return client certificate from TLS layer.</div></div></div></foreignObject><text x="391" y="919" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Return client certificate...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-105"><g><path d="M 125 860 L 125 880 L 125 870 L 125 883.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 888.88 L 121.5 881.88 L 125 883.63 L 128.5 881.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-101"><g><rect x="45" y="810" width="160" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 835px; margin-left: 46px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Attempt to verify the TLS layer client certificate path with given criteria.</div></div></div></foreignObject><text x="125" y="839" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Attempt to verify the TLS...</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-109"><g><path d="M 125 940 L 125 1065 L 303.63 1065" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 308.88 1065 L 301.88 1068.5 L 303.63 1065 L 301.88 1061.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 1065px; margin-left: 219px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">MATCHES</div></div></div></foreignObject><text x="219" y="1068" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">MATCHES</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-104"><g><path d="M 125 890 L 150 915 L 125 940 L 100 915 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-114"><g><rect x="310" y="1040" width="157.5" height="50" rx="7" ry="7" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-width="2" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 156px; height: 1px; padding-top: 1065px; margin-left: 311px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Return client certificate from the XFCC header (if any).</div></div></div></foreignObject><text x="389" y="1069" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="12px" text-anchor="middle">Return client certificate...</text></switch></g></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-116"><g><path d="M 467.5 1065 L 520 1065 L 520 436.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 520 431.12 L 523.5 438.12 L 520 436.37 L 516.5 438.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-133"><g><path d="M 125 430 L 125 463.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 468.88 L 121.5 461.88 L 125 463.63 L 128.5 461.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 440px; margin-left: 125px;"><div data-drawio-colors="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 11px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">YES</div></div></div></foreignObject><text x="125" y="443" fill="rgb(0, 0, 0)" font-family="&quot;Helvetica&quot;" font-size="11px" text-anchor="middle">YES</text></switch></g></g></g><g data-cell-id="jJJ6bTEQGA4TlNa4jCcB-140"><g><path d="M 80 45 L 125 45 L 125 123.63" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 125 128.88 L 121.5 121.88 L 125 123.63 L 128.5 121.88 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g></g></g></g></g></g></svg>
\ No newline at end of file
diff --git a/docs/security-and-client-cert-forwarding.md b/docs/security-and-client-cert-forwarding.md
index c4e9f15..3d5298b 100644
--- a/docs/security-and-client-cert-forwarding.md
+++ b/docs/security-and-client-cert-forwarding.md
@@ -51,3 +51,10 @@ This can include a Keycloak admin client to obtain full access to Keycloak.
 The forged certificate can be self-generated by the malicious user, as long as it contains the correct subject name.
 
 ![image](assets/xfcc-scenario-2.drawio.svg)
+
+
+## TEST
+
+This is a test
+
+![image](assets/client-authorization-flow.drawio.svg)