THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
If a 2-way TLS is used to authenticate a client and Client has a Base64 encoded representations of its X509Certificates available in its "applicationCertificates" property then AccessTokenService will do the additional comparison of these certificates against the ones available in the current TLS session.
New: OAuth 2.0 Mutual TLS Profiles for OAuth2 Clients-TLS Client Authentication and Certificate-Bound Access Tokens is completely supported since CXF 3.1.12. Note some parameters used in this draft may change.
...