X509ClientCertificateAuthenticator (Keycloak Docs Distribution 21.0.2 API)

java.lang.Object
- org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
- - org.keycloak.authentication.authenticators.x509.X509ClientCertificateAuthenticator

All Implemented Interfaces:: Authenticator, Provider

public class X509ClientCertificateAuthenticator
extends AbstractX509ClientCertificateAuthenticator

Version:: $Revision: 1 $
Author:: Peter Nalyvayko

Nested Class Summary
- Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
  AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder

Field Summary
- Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
  CANONICAL_DN, CERTIFICATE_EXTENDED_KEY_USAGE, CERTIFICATE_KEY_USAGE, CERTIFICATE_POLICY, CERTIFICATE_POLICY_MODE, CERTIFICATE_POLICY_MODE_ALL, CERTIFICATE_POLICY_MODE_ANY, CONFIRMATION_PAGE_DISALLOWED, CRL_RELATIVE_PATH, CUSTOM_ATTRIBUTE_NAME, DEFAULT_ATTRIBUTE_NAME, ENABLE_CRL, ENABLE_CRLDP, ENABLE_OCSP, logger, MAPPING_SOURCE_CERT_CERTIFICATE_PEM, MAPPING_SOURCE_CERT_ISSUERDN, MAPPING_SOURCE_CERT_SERIALNUMBER, MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN, MAPPING_SOURCE_CERT_SHA256_THUMBPRINT, MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL, MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME, MAPPING_SOURCE_CERT_SUBJECTDN, MAPPING_SOURCE_CERT_SUBJECTDN_CN, MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL, MAPPING_SOURCE_SELECTION, OCSP_FAIL_OPEN, OCSPRESPONDER_CERTIFICATE, OCSPRESPONDER_URI, REGULAR_EXPRESSION, REVALIDATE_CERTIFICATE, SERIALNUMBER_HEX, TIMESTAMP_VALIDATION, USER_ATTRIBUTE_MAPPER, USER_MAPPER_SELECTION, USERNAME_EMAIL_MAPPER

Constructor Summary

Constructors
Constructor Description

X509ClientCertificateAuthenticator()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`action(AuthenticationFlowContext context)`	Called from a form action invocation.
`void`	`authenticate(AuthenticationFlowContext context)`	Initial call for the authenticator.
`void`	`close()`

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
certificateValidationParameters, configuredFor, createInfoResponse, getCertificateChain, getUserIdentityExtractor, getUserIdentityToModelMapper, recordX509CertificateAuditDataViaContextEvent, requiresUser, saveX509CertificateAuditDataToAuthSession, setRequiredActions

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled, getRequiredActions

- Constructor Detail
  - X509ClientCertificateAuthenticator
```
public X509ClientCertificateAuthenticator()
```
- Method Detail
  - close
```
public void close()
```
    Specified by:
    
    close in interface Provider
    
    Overrides:
    
    close in class AbstractX509ClientCertificateAuthenticator
  - authenticate
```
public void authenticate(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
  - action
```
public void action(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Called from a form action invocation.