Is it possible for an application to silently check all client certificates installed in the browser and then decide to use either one of them or a username/password approach to authenticate the user ? Setting <ssl-config needs-client-auth="true"... will force the user to choose, but I would like to avoid that.
Best Kjell
