Metacat

Like the d1_portal, we want to be able to have users authenticate with their preferred Identity Provider via the browser and let the webapp handle their certificate. Any future requests coming from that session will have their client certificate attached to the request before Metacat processes it (for access control considerations, etc).

I think we can base this on the current d1_portal project and then build in the lightweight delegation servlet in Metacat. This will give us control over the UI for authenticating users and allow Metacat to transparently use certificate-based authentication without requiring users to directly handle certificate objects themselves.