Implementing SSO to AS Java with X.509 Client Certificate and a Web Dispatcher

Hello,

I have implemented SSO to AS Java (SAP Portal) using X.509 Client Certificate.

When I try to logon without passing through the Web Dispatcher (direct call to the SAP Portal in Intranet) my SSO works properly and I'm able to logon without writing any user and password, thanks to my X.509 Client Certificate.

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1. com.sap.engine.services.security.server.jaas.ClientCertLoginModule      SUFFICIENT  ok          true       true

        \#1 Rule1.AttributeName = CN

        \#2 Rule1.getUserFrom = subjectName

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok                     true

Central Checks                                                                                                   true                  #

My problem arises when I try to call my SAP Portal from the Internet passing through my SAP Web Dispatcher, so I've got the following error:

LOGIN.FAILED
User: N/A

Authentication Stack: ticket

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.engine.services.security.server.jaas.ClientCertLoginModule      SUFFICIENT  ok          exception             true       Authentication did not succeed.
        \#1 Rule1.AttributeName = CN
        \#2 Rule1.getUserFrom = subjectName
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false      #

How could I manage my X.509 Client Certicate when I have to pass through my Web Dispatcher?

Thanks!

Fabrizio