java.lang.Object
- org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
- - org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator
  - - org.keycloak.authentication.authenticators.x509.ValidateX509CertificateUsername

All Implemented Interfaces:: Authenticator, Provider

public class ValidateX509CertificateUsername
extends AbstractX509ClientCertificateDirectGrantAuthenticator

Version:: $Revision: 1 $
Author:: Peter Nalyvayko

Nested Class Summary
- Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
  AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder

Field Summary

Fields
Modifier and Type Field Description

protected static ServicesLogger logger
- Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
  CANONICAL_DN, CERTIFICATE_EXTENDED_KEY_USAGE, CERTIFICATE_KEY_USAGE, CERTIFICATE_POLICY, CERTIFICATE_POLICY_MODE, CERTIFICATE_POLICY_MODE_ALL, CERTIFICATE_POLICY_MODE_ANY, CONFIRMATION_PAGE_DISALLOWED, CRL_RELATIVE_PATH, CUSTOM_ATTRIBUTE_NAME, DEFAULT_ATTRIBUTE_NAME, ENABLE_CRL, ENABLE_CRLDP, ENABLE_OCSP, MAPPING_SOURCE_CERT_CERTIFICATE_PEM, MAPPING_SOURCE_CERT_ISSUERDN, MAPPING_SOURCE_CERT_SERIALNUMBER, MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN, MAPPING_SOURCE_CERT_SHA256_THUMBPRINT, MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL, MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME, MAPPING_SOURCE_CERT_SUBJECTDN, MAPPING_SOURCE_CERT_SUBJECTDN_CN, MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL, MAPPING_SOURCE_SELECTION, OCSP_FAIL_OPEN, OCSPRESPONDER_CERTIFICATE, OCSPRESPONDER_URI, REGULAR_EXPRESSION, REVALIDATE_CERTIFICATE, SERIALNUMBER_HEX, TIMESTAMP_VALIDATION, USER_ATTRIBUTE_MAPPER, USER_MAPPER_SELECTION, USERNAME_EMAIL_MAPPER

Constructor Summary

Constructors
Constructor Description

ValidateX509CertificateUsername()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`action(AuthenticationFlowContext context)`	Called from a form action invocation.
`void`	`authenticate(AuthenticationFlowContext context)`	Initial call for the authenticator.

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator
errorResponse

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
certificateValidationParameters, close, configuredFor, createInfoResponse, getCertificateChain, getUserIdentityExtractor, getUserIdentityToModelMapper, recordX509CertificateAuditDataViaContextEvent, requiresUser, saveX509CertificateAuditDataToAuthSession, setRequiredActions

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled, getRequiredActions

- Field Detail
  - logger
```
protected static ServicesLogger logger
```
- Constructor Detail
  - ValidateX509CertificateUsername
```
public ValidateX509CertificateUsername()
```
- Method Detail
  - authenticate
```
public void authenticate(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
  - action
```
public void action(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Called from a form action invocation.
    
    Specified by:
    
    action in interface Authenticator
    
    Overrides:
    
    action in class AbstractX509ClientCertificateDirectGrantAuthenticator

Class ValidateX509CertificateUsername

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.authentication.Authenticator

Field Detail

logger

Constructor Detail

ValidateX509CertificateUsername

Method Detail

authenticate

action