Class AbstractX509ClientCertificateAuthenticator
java.lang.Object
org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
- All Implemented Interfaces:
Authenticator,Provider
- Direct Known Subclasses:
AbstractX509ClientCertificateDirectGrantAuthenticator,X509ClientCertificateAuthenticator
public abstract class AbstractX509ClientCertificateAuthenticator
extends Object
implements Authenticator
- Version:
- $Revision: 1 $
- Author:
- Peter Nalyvayko
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprotected static classprotected static classprotected static class -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final String -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncertificateValidationParameters(KeycloakSession session, X509AuthenticatorConfigModel config) voidclose()booleanconfiguredFor(KeycloakSession session, RealmModel realm, UserModel user) Is this authenticator configured for this user.protected jakarta.ws.rs.core.ResponsecreateInfoResponse(AuthenticationFlowContext context, String infoMessage, Object... parameters) protected X509Certificate[]protected voidbooleanDoes this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?protected voidvoidsetRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) Set actions to configure authenticatorMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.authentication.Authenticator
action, areRequiredActionsEnabled, authenticate, getRequiredActions
-
Field Details
-
DEFAULT_ATTRIBUTE_NAME
- See Also:
-
REGULAR_EXPRESSION
- See Also:
-
ENABLE_CRL
- See Also:
-
ENABLE_OCSP
- See Also:
-
OCSP_FAIL_OPEN
- See Also:
-
ENABLE_CRLDP
- See Also:
-
CANONICAL_DN
- See Also:
-
TIMESTAMP_VALIDATION
- See Also:
-
SERIALNUMBER_HEX
- See Also:
-
CRL_RELATIVE_PATH
- See Also:
-
OCSPRESPONDER_URI
- See Also:
-
OCSPRESPONDER_CERTIFICATE
- See Also:
-
MAPPING_SOURCE_SELECTION
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME
- See Also:
-
MAPPING_SOURCE_CERT_SUBJECTDN_CN
- See Also:
-
MAPPING_SOURCE_CERT_ISSUERDN
- See Also:
-
MAPPING_SOURCE_CERT_SERIALNUMBER
- See Also:
-
MAPPING_SOURCE_CERT_SHA256_THUMBPRINT
- See Also:
-
MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN
- See Also:
-
MAPPING_SOURCE_CERT_CERTIFICATE_PEM
- See Also:
-
USER_MAPPER_SELECTION
- See Also:
-
USER_ATTRIBUTE_MAPPER
- See Also:
-
USERNAME_EMAIL_MAPPER
- See Also:
-
CUSTOM_ATTRIBUTE_NAME
- See Also:
-
CERTIFICATE_KEY_USAGE
- See Also:
-
CERTIFICATE_EXTENDED_KEY_USAGE
- See Also:
-
CERTIFICATE_POLICY
- See Also:
-
CERTIFICATE_POLICY_MODE
- See Also:
-
CERTIFICATE_POLICY_MODE_ALL
- See Also:
-
CERTIFICATE_POLICY_MODE_ANY
- See Also:
-
CONFIRMATION_PAGE_DISALLOWED
- See Also:
-
REVALIDATE_CERTIFICATE
- See Also:
-
-
Constructor Details
-
AbstractX509ClientCertificateAuthenticator
public AbstractX509ClientCertificateAuthenticator()
-
-
Method Details
-
createInfoResponse
protected jakarta.ws.rs.core.Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object... parameters) -
certificateValidationParameters
public CertificateValidator.CertificateValidatorBuilder certificateValidationParameters(KeycloakSession session, X509AuthenticatorConfigModel config) throws Exception - Throws:
Exception
-
close
public void close() -
getCertificateChain
-
saveX509CertificateAuditDataToAuthSession
protected void saveX509CertificateAuditDataToAuthSession(AuthenticationFlowContext context, X509Certificate cert) -
recordX509CertificateAuditDataViaContextEvent
-
getUserIdentityExtractor
-
getUserIdentityToModelMapper
-
requiresUser
public boolean requiresUser()Description copied from interface:AuthenticatorDoes this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Specified by:
requiresUserin interfaceAuthenticator- Returns:
-
configuredFor
Description copied from interface:AuthenticatorIs this authenticator configured for this user.- Specified by:
configuredForin interfaceAuthenticator- Returns:
-
setRequiredActions
Description copied from interface:AuthenticatorSet actions to configure authenticator- Specified by:
setRequiredActionsin interfaceAuthenticator
-