Class AbstractX509ClientCertificateAuthenticator
- java.lang.Object
-
- org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
-
- All Implemented Interfaces:
org.keycloak.authentication.Authenticator, org.keycloak.provider.Provider
- Direct Known Subclasses:
AbstractX509ClientCertificateDirectGrantAuthenticator, X509ClientCertificateAuthenticator
public abstract class AbstractX509ClientCertificateAuthenticator extends Object implements org.keycloak.authentication.Authenticator
- Version:
- $Revision: 1 $
- Author:
- Peter Nalyvayko
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static class
AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder
protected static class
AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder
protected static class
AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder
-
Field Summary
-
Constructor Summary
Constructors Constructor Description AbstractX509ClientCertificateAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description CertificateValidator.CertificateValidatorBuilder
certificateValidationParameters(org.keycloak.models.KeycloakSession session, X509AuthenticatorConfigModel config)
void
close()
boolean
configuredFor(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
protected javax.ws.rs.core.Response
createInfoResponse(org.keycloak.authentication.AuthenticationFlowContext context, String infoMessage, Object... parameters)
protected X509Certificate[]
getCertificateChain(org.keycloak.authentication.AuthenticationFlowContext context)
UserIdentityExtractor
getUserIdentityExtractor(X509AuthenticatorConfigModel config)
UserIdentityToModelMapper
getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)
protected void
recordX509CertificateAuditDataViaContextEvent(org.keycloak.authentication.AuthenticationFlowContext context)
boolean
requiresUser()
protected void
saveX509CertificateAuditDataToAuthSession(org.keycloak.authentication.AuthenticationFlowContext context, X509Certificate cert)
void
setRequiredActions(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
-
-
-
Field Detail
-
DEFAULT_ATTRIBUTE_NAME
public static final String DEFAULT_ATTRIBUTE_NAME
- See Also:
- Constant Field Values
-
logger
protected static ServicesLogger logger
-
REGULAR_EXPRESSION
public static final String REGULAR_EXPRESSION
- See Also:
- Constant Field Values
-
ENABLE_CRL
public static final String ENABLE_CRL
- See Also:
- Constant Field Values
-
ENABLE_OCSP
public static final String ENABLE_OCSP
- See Also:
- Constant Field Values
-
OCSP_FAIL_OPEN
public static final String OCSP_FAIL_OPEN
- See Also:
- Constant Field Values
-
ENABLE_CRLDP
public static final String ENABLE_CRLDP
- See Also:
- Constant Field Values
-
CANONICAL_DN
public static final String CANONICAL_DN
- See Also:
- Constant Field Values
-
TIMESTAMP_VALIDATION
public static final String TIMESTAMP_VALIDATION
- See Also:
- Constant Field Values
-
SERIALNUMBER_HEX
public static final String SERIALNUMBER_HEX
- See Also:
- Constant Field Values
-
CRL_RELATIVE_PATH
public static final String CRL_RELATIVE_PATH
- See Also:
- Constant Field Values
-
OCSPRESPONDER_URI
public static final String OCSPRESPONDER_URI
- See Also:
- Constant Field Values
-
OCSPRESPONDER_CERTIFICATE
public static final String OCSPRESPONDER_CERTIFICATE
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_SELECTION
public static final String MAPPING_SOURCE_SELECTION
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SUBJECTDN
public static final String MAPPING_SOURCE_CERT_SUBJECTDN
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
public static final String MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
public static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME
public static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SUBJECTDN_CN
public static final String MAPPING_SOURCE_CERT_SUBJECTDN_CN
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_ISSUERDN
public static final String MAPPING_SOURCE_CERT_ISSUERDN
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SERIALNUMBER
public static final String MAPPING_SOURCE_CERT_SERIALNUMBER
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SHA256_THUMBPRINT
public static final String MAPPING_SOURCE_CERT_SHA256_THUMBPRINT
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN
public static final String MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN
- See Also:
- Constant Field Values
-
MAPPING_SOURCE_CERT_CERTIFICATE_PEM
public static final String MAPPING_SOURCE_CERT_CERTIFICATE_PEM
- See Also:
- Constant Field Values
-
USER_MAPPER_SELECTION
public static final String USER_MAPPER_SELECTION
- See Also:
- Constant Field Values
-
USER_ATTRIBUTE_MAPPER
public static final String USER_ATTRIBUTE_MAPPER
- See Also:
- Constant Field Values
-
USERNAME_EMAIL_MAPPER
public static final String USERNAME_EMAIL_MAPPER
- See Also:
- Constant Field Values
-
CUSTOM_ATTRIBUTE_NAME
public static final String CUSTOM_ATTRIBUTE_NAME
- See Also:
- Constant Field Values
-
CERTIFICATE_KEY_USAGE
public static final String CERTIFICATE_KEY_USAGE
- See Also:
- Constant Field Values
-
CERTIFICATE_EXTENDED_KEY_USAGE
public static final String CERTIFICATE_EXTENDED_KEY_USAGE
- See Also:
- Constant Field Values
-
CERTIFICATE_POLICY
public static final String CERTIFICATE_POLICY
- See Also:
- Constant Field Values
-
CERTIFICATE_POLICY_MODE
public static final String CERTIFICATE_POLICY_MODE
- See Also:
- Constant Field Values
-
CERTIFICATE_POLICY_MODE_ALL
public static final String CERTIFICATE_POLICY_MODE_ALL
- See Also:
- Constant Field Values
-
CERTIFICATE_POLICY_MODE_ANY
public static final String CERTIFICATE_POLICY_MODE_ANY
- See Also:
- Constant Field Values
-
CONFIRMATION_PAGE_DISALLOWED
public static final String CONFIRMATION_PAGE_DISALLOWED
- See Also:
- Constant Field Values
-
REVALIDATE_CERTIFICATE
public static final String REVALIDATE_CERTIFICATE
- See Also:
- Constant Field Values
-
-
Method Detail
-
createInfoResponse
protected javax.ws.rs.core.Response createInfoResponse(org.keycloak.authentication.AuthenticationFlowContext context, String infoMessage, Object... parameters)
-
certificateValidationParameters
public CertificateValidator.CertificateValidatorBuilder certificateValidationParameters(org.keycloak.models.KeycloakSession session, X509AuthenticatorConfigModel config) throws Exception
- Throws:
Exception
-
close
public void close()
- Specified by:
close
in interface org.keycloak.provider.Provider
-
getCertificateChain
protected X509Certificate[] getCertificateChain(org.keycloak.authentication.AuthenticationFlowContext context)
-
saveX509CertificateAuditDataToAuthSession
protected void saveX509CertificateAuditDataToAuthSession(org.keycloak.authentication.AuthenticationFlowContext context, X509Certificate cert)
-
recordX509CertificateAuditDataViaContextEvent
protected void recordX509CertificateAuditDataViaContextEvent(org.keycloak.authentication.AuthenticationFlowContext context)
-
getUserIdentityExtractor
public UserIdentityExtractor getUserIdentityExtractor(X509AuthenticatorConfigModel config)
-
getUserIdentityToModelMapper
public UserIdentityToModelMapper getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)
-
requiresUser
public boolean requiresUser()
- Specified by:
requiresUser
in interface org.keycloak.authentication.Authenticator
-
configuredFor
public boolean configuredFor(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
- Specified by:
configuredFor
in interface org.keycloak.authentication.Authenticator
-
setRequiredActions
public void setRequiredActions(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
- Specified by:
setRequiredActions
in interface org.keycloak.authentication.Authenticator
-
-