I have a web application. After I have logged in using a digital certificate, if I need to access a sensitive URL in the application, there should be a certificate validation mechanism. This should ask for the certificate again, but not the credentials. It's just a dialog for certificate selection. The user needs to reselect the same certificate with which he logged in.
First we need to understand the requirement (and 'we' includes you). The session has already been authenticated, so on the face of it the requirement is redundant. Is it some scheme to ensure the same user is still logged on?
Sometimes features are specified without the specifier knowing exactly how to meet the requirement. Having an implementor who doesn't understand the requirement implement a specification that doesn't meet the requirement is pretty pointless.
I am working on an application which integrates a portal with an applet. The user logs into the portal using a certificate and credentials. Then the user selects a URL from the portal which leads to my applet. After selecting the URL and before the applet is displayed, I need to re-authenticate the user by re-selecting the certificate.
That is mostly just a repetition of your original problem statement. The information about portals is interesting but doesn't answer the question. I am asking for the reason behind this requirement, and indeed I suggested a possible reason myself.