= X.509 + Form Login MFA Sample

This sample demonstrates configuring Spring Security to require both an X.509 Certificate and a Username/Password Login in order to enter the site with full permissions.

== Preparing to Use X.509

This sample is intended to be used in a browser.
As such, you should:

1. Configure your browser to trust the `ca.crt` that accompanies this project
2. Configure your browser with the `josh-keystore.p12` client certificate

Both `api-keystore.p12` and `josh-keystore.p12` use keys signed by `ca.crt`.
This means that after the above steps are performed, you can also use this application without getting a security warning in your browser.

== Using the Sample

To run, please use:

.Java
[source,java,role="primary"]
----
./gradlew :bootRun
----

This will start an application on 8443, meaning you will need to reach it using HTTPS.

You can reach the website at https://api.127.0.0.1.nip.io:8443.
If that isn't working for you, please try https://localhost:8443.

With the client certificate (`josh-keystore.p12`) correctly installed in the browser, it will ask you which client certificate you want to you.
Select `josh`.

You will then be redirected to the login page where you can use `josh/password` as the username and password.