A server component to which a client connects via a TLS-secured connection. The client has a smartcard that has been provided by a CA.
The server should check the certificate of the client, check the OCSP status and authenticate the client via a challenge-response protocol.
Then the server issues the client a signed authentication token.
The server is connected to an HSM that holds the private keys for TLS authentication and signature generation for the token.
The solution has to be provided as a Kubernetes container.
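
The challenge-response and token-signing steps described above, as an added Go sketch that is not part of the original text. Both the smartcard and the HSM sit behind Go's `crypto.Signer` interface, so the private keys are never handled directly. The software keys, function names, `domain` prefix and token layout are assumptions made for illustration, and certificate chain validation and the OCSP check are assumed to have happened before `Authenticate` is called.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const domain = "client-auth-v1:" // domain-separation prefix (constructed value)

// NewSoftKey makes a software P-256 key standing in for the smartcard or HSM (assumption).
func NewSoftKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// NewChallenge returns a fresh 32-byte nonce; the server must accept each nonce only once.
func NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// Respond is the client side: the card signs the challenge, the key never leaves it.
func Respond(card crypto.Signer, nonce []byte) ([]byte, error) {
	d := sha256.Sum256(append([]byte(domain), nonce...))
	return card.Sign(rand.Reader, d[:], crypto.SHA256)
}

// Authenticate verifies the response with the certificate's public key, then the HSM signs the token.
func Authenticate(pub *ecdsa.PublicKey, nonce, resp []byte, hsm crypto.Signer, claims string) (string, error) {
	d := sha256.Sum256(append([]byte(domain), nonce...))
	if !ecdsa.VerifyASN1(pub, d[:], resp) {
		return "", fmt.Errorf("challenge response invalid")
	}
	td := sha256.Sum256([]byte(claims))
	sig, err := hsm.Sign(rand.Reader, td[:], crypto.SHA256)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s.%x", claims, sig), nil
}

func main() {
	card, _ := NewSoftKey()
	hsm, _ := NewSoftKey()
	nonce, _ := NewChallenge()
	resp, _ := Respond(card, nonce)
	fmt.Println(Authenticate(&card.PublicKey, nonce, resp, hsm, "sub=client-1"))
}
```

In a deployment, the `hsm` argument would be a `crypto.Signer` backed by the HSM, and the token claims would also carry an expiry and audience.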