Class X509ClientCertificateAuthenticator
java.lang.Object
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
org.keycloak.authentication.authenticators.x509.X509ClientCertificateAuthenticator
- All Implemented Interfaces:
Authenticator, Provider
- Version:
- $Revision: 1 $
- Author:
- Peter Nalyvayko
-
Nested Class Summary
Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder
-
Field Summary
Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
CANONICAL_DN, CERTIFICATE_EXTENDED_KEY_USAGE, CERTIFICATE_KEY_USAGE, CERTIFICATE_POLICY, CERTIFICATE_POLICY_MODE, CERTIFICATE_POLICY_MODE_ALL, CERTIFICATE_POLICY_MODE_ANY, CONFIRMATION_PAGE_DISALLOWED, CRL_RELATIVE_PATH, CUSTOM_ATTRIBUTE_NAME, DEFAULT_ATTRIBUTE_NAME, ENABLE_CRL, ENABLE_CRLDP, ENABLE_OCSP, logger, MAPPING_SOURCE_CERT_CERTIFICATE_PEM, MAPPING_SOURCE_CERT_ISSUERDN, MAPPING_SOURCE_CERT_SERIALNUMBER, MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN, MAPPING_SOURCE_CERT_SHA256_THUMBPRINT, MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL, MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME, MAPPING_SOURCE_CERT_SUBJECTDN, MAPPING_SOURCE_CERT_SUBJECTDN_CN, MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL, MAPPING_SOURCE_SELECTION, OCSP_FAIL_OPEN, OCSPRESPONDER_CERTIFICATE, OCSPRESPONDER_URI, REGULAR_EXPRESSION, REVALIDATE_CERTIFICATE, SERIALNUMBER_HEX, TIMESTAMP_VALIDATION, USER_ATTRIBUTE_MAPPER, USER_MAPPER_SELECTION, USERNAME_EMAIL_MAPPER
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
void | action(AuthenticationFlowContext context) | Called from a form action invocation.
void | authenticate(AuthenticationFlowContext context) | Initial call for the authenticator.
void | close() |
Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
certificateValidationParameters, configuredFor, createInfoResponse, getCertificateChain, getUserIdentityExtractor, getUserIdentityToModelMapper, recordX509CertificateAuditDataViaContextEvent, requiresUser, saveX509CertificateAuditDataToAuthSession, setRequiredActions
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled, getRequiredActions
-
Constructor Details
-
X509ClientCertificateAuthenticator
public X509ClientCertificateAuthenticator()
-
-
Method Details
-
close
public void close()
- Specified by:
close in interface Provider
- Overrides:
close in class AbstractX509ClientCertificateAuthenticator
-
authenticate
Description copied from interface: Authenticator
Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling AuthenticationFlowContext.challenge(Response). If this challenge is an authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId}. {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
-
action
Description copied from interface: Authenticator
Called from a form action invocation.
-