Infinispan ISPN-4316

The client is tried for "SSL Peer Authentication" even though encryption's require-ssl-client-auth is set to false


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • Fix Version: 7.0.0.Alpha5
    • Affects Version: 7.0.0.Alpha4
    • Components: Security, Server
    • Labels: None

      Consider the scenario:

      • The client enables authentication through ConfigurationBuilder (i.e. cb.security().authentication())
      • The server's SSL configuration doesn't require client authentication (i.e. require-ssl-client-auth="false") and, in addition, the security-realm's <authentication .../> doesn't include a <truststore .../>

      In such a scenario the client is unable to authenticate, as the following exception is thrown in the server-side logs:

      javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

      One-sided communication encryption (with the client storing the server's certificate in its trust store) should be supported, particularly when the client wants to authenticate via credentials.
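The following is an added illustration of the client side of the scenario above; it is not code from the issue or from the Infinispan project. It configures a Hot Rod client with one-sided TLS (a trust store holding the server's certificate, no client keystore) plus SASL PLAIN credentials, using the Infinispan 7.0-era ConfigurationBuilder API as the reporter references it (cb.security()). The server address, file paths, passwords, SASL server name, realm name and cache contents are assumptions. The matching server side, as the report describes it, is a Hot Rod connector whose <encryption .../> has require-ssl-client-auth="false" and whose security-realm <authentication .../> carries no <truststore .../>.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;

import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;

/**
 * Illustrative Hot Rod client: one-sided TLS (server certificate only)
 * combined with SASL PLAIN credential authentication. Not part of ISPN-4316.
 */
public class OneWayTlsSaslClient {

    /** Answers the callbacks issued by the SASL PLAIN client mechanism. */
    static final class CredentialsCallbackHandler implements CallbackHandler {
        private final String username;
        private final char[] password;
        private final String realm;

        CredentialsCallbackHandler(String username, char[] password, String realm) {
            this.username = username;
            this.password = password;
            this.realm = realm;
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else if (cb instanceof RealmCallback) {
                    ((RealmCallback) cb).setText(realm);
                } else {
                    // Refuse anything unexpected rather than silently answering it.
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    public static void main(String[] args) {
        ConfigurationBuilder cb = new ConfigurationBuilder();
        cb.addServer().host("127.0.0.1").port(11222);   // assumed server address

        // One-sided TLS: only a trust store with the server's certificate.
        // No client keystore is configured, so this can only work if the
        // server's <encryption ... require-ssl-client-auth="false"/> really
        // does not demand a client certificate (the condition in this report).
        cb.security().ssl().enable()
          .trustStoreFileName("/path/to/client-truststore.jks")   // assumed path
          .trustStorePassword("changeme".toCharArray());         // assumed password

        // Credentials travel inside the TLS session, which is what makes
        // PLAIN acceptable here; it would not be over a cleartext connection.
        cb.security().authentication().enable()
          .saslMechanism("PLAIN")
          .serverName("infinispan")   // assumed; must match the server's SASL server-name
          .callbackHandler(new CredentialsCallbackHandler(
                "user", "secret".toCharArray(), "ApplicationRealm"));   // assumed credentials and realm

        RemoteCacheManager rcm = new RemoteCacheManager(cb.build());
        try {
            RemoteCache<String, String> cache = rcm.getCache();
            cache.put("key", "value");
            System.out.println(cache.get("key"));
        } finally {
            rcm.stop();
        }
    }
}
```

Against a server exhibiting this issue, a client configured this way is rejected with the SSLPeerUnverifiedException quoted above, even though the connector was told not to require a client certificate; the point of the report is that this combination (server authenticated by TLS, client authenticated by SASL credentials) must be accepted. Do not "fix" the failure on the client side by adding a client keystore, since that reintroduces mutual TLS the deployment explicitly chose not to require.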

            Assignee: Tristan Tarrant (ttarrant@redhat.com)
            Reporter: Vijay Chintalapati (vchintal@redhat.com) (Inactive)
            Votes: 0
            Watchers: 1
