Class AbstractX509ClientCertificateAuthenticator
java.lang.Object
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
- All Implemented Interfaces:
Authenticator
,Provider
- Direct Known Subclasses:
AbstractX509ClientCertificateDirectGrantAuthenticator
,X509ClientCertificateAuthenticator
public abstract class AbstractX509ClientCertificateAuthenticator
extends Object
implements Authenticator
- Version:
- $Revision: 1 $
- Author:
- Peter Nalyvayko
-
Nested Class Summary
Modifier and TypeClassDescriptionprotected static class
protected static class
protected static class
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
protected static ServicesLogger
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncertificateValidationParameters
(KeycloakSession session, X509AuthenticatorConfigModel config) void
close()
boolean
configuredFor
(KeycloakSession session, RealmModel realm, UserModel user) Is this authenticator configured for this user.protected jakarta.ws.rs.core.Response
createInfoResponse
(AuthenticationFlowContext context, String infoMessage, Object... parameters) protected X509Certificate[]
protected void
boolean
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?protected void
void
setRequiredActions
(KeycloakSession session, RealmModel realm, UserModel user) Set actions to configure authenticatorMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.authentication.Authenticator
action, areRequiredActionsEnabled, authenticate, getRequiredActions
-
Field Details
-
DEFAULT_ATTRIBUTE_NAME
- See Also:
-
logger
-
REGULAR_EXPRESSION
- See Also:
-
ENABLE_CRL
- See Also:
-
ENABLE_OCSP
- See Also:
-
OCSP_FAIL_OPEN
- See Also:
-
ENABLE_CRLDP
- See Also:
-
CANONICAL_DN
- See Also:
-
TIMESTAMP_VALIDATION
- See Also:
-
SERIALNUMBER_HEX
- See Also:
-
CRL_RELATIVE_PATH
- See Also:
-
OCSPRESPONDER_URI
- See Also:
-
OCSPRESPONDER_CERTIFICATE
- See Also:
-
MAPPING_SOURCE_SELECTION
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN_CN
- See Also:
-
MAPPING_SOURCE_CERT_ISSUERDN
- See Also:
-
MAPPING_SOURCE_CERT_SERIALNUMBER
- See Also:
-
MAPPING_SOURCE_CERT_SHA256_THUMBPRINT
- See Also:
-
MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN
- See Also:
-
MAPPING_SOURCE_CERT_CERTIFICATE_PEM
- See Also:
-
USER_MAPPER_SELECTION
- See Also:
-
USER_ATTRIBUTE_MAPPER
- See Also:
-
USERNAME_EMAIL_MAPPER
- See Also:
-
CUSTOM_ATTRIBUTE_NAME
- See Also:
-
CERTIFICATE_KEY_USAGE
- See Also:
-
CERTIFICATE_EXTENDED_KEY_USAGE
- See Also:
-
CERTIFICATE_POLICY
- See Also:
-
CERTIFICATE_POLICY_MODE
- See Also:
-
CERTIFICATE_POLICY_MODE_ALL
- See Also:
-
CERTIFICATE_POLICY_MODE_ANY
- See Also:
-
CONFIRMATION_PAGE_DISALLOWED
- See Also:
-
REVALIDATE_CERTIFICATE
- See Also:
-
-
Constructor Details
-
AbstractX509ClientCertificateAuthenticator
public AbstractX509ClientCertificateAuthenticator()
-
-
Method Details
-
createInfoResponse
protected jakarta.ws.rs.core.Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object... parameters) -
certificateValidationParameters
public CertificateValidator.CertificateValidatorBuilder certificateValidationParameters(KeycloakSession session, X509AuthenticatorConfigModel config) throws Exception - Throws:
Exception
-
close
public void close() -
getCertificateChain
-
saveX509CertificateAuditDataToAuthSession
protected void saveX509CertificateAuditDataToAuthSession(AuthenticationFlowContext context, X509Certificate cert) -
recordX509CertificateAuditDataViaContextEvent
-
getUserIdentityExtractor
-
getUserIdentityToModelMapper
-
requiresUser
public boolean requiresUser()Description copied from interface:Authenticator
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Specified by:
requiresUser
in interfaceAuthenticator
- Returns:
-
configuredFor
Description copied from interface:Authenticator
Is this authenticator configured for this user.- Specified by:
configuredFor
in interfaceAuthenticator
- Returns:
-
setRequiredActions
Description copied from interface:Authenticator
Set actions to configure authenticator- Specified by:
setRequiredActions
in interfaceAuthenticator
-