org.keycloak.authentication.authenticators.x509.ValidateX509CertificateUsername

All Implemented Interfaces:: Authenticator, Provider

public class ValidateX509CertificateUsername extends AbstractX509ClientCertificateDirectGrantAuthenticator

Version:: $Revision: 1 $
Author:: Peter Nalyvayko

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder, AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder
Field Summary

Fields

Modifier and Type

Field

Description

protected static ServicesLogger

logger

Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
CANONICAL_DN, CERTIFICATE_EXTENDED_KEY_USAGE, CERTIFICATE_KEY_USAGE, CERTIFICATE_POLICY, CERTIFICATE_POLICY_MODE, CERTIFICATE_POLICY_MODE_ALL, CERTIFICATE_POLICY_MODE_ANY, CONFIRMATION_PAGE_DISALLOWED, CRL_RELATIVE_PATH, CUSTOM_ATTRIBUTE_NAME, DEFAULT_ATTRIBUTE_NAME, ENABLE_CRL, ENABLE_CRLDP, ENABLE_OCSP, MAPPING_SOURCE_CERT_CERTIFICATE_PEM, MAPPING_SOURCE_CERT_ISSUERDN, MAPPING_SOURCE_CERT_SERIALNUMBER, MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN, MAPPING_SOURCE_CERT_SHA256_THUMBPRINT, MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL, MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME, MAPPING_SOURCE_CERT_SUBJECTDN, MAPPING_SOURCE_CERT_SUBJECTDN_CN, MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL, MAPPING_SOURCE_SELECTION, OCSP_FAIL_OPEN, OCSPRESPONDER_CERTIFICATE, OCSPRESPONDER_URI, REGULAR_EXPRESSION, REVALIDATE_CERTIFICATE, SERIALNUMBER_HEX, TIMESTAMP_VALIDATION, USER_ATTRIBUTE_MAPPER, USER_MAPPER_SELECTION, USERNAME_EMAIL_MAPPER
Constructor Summary

Constructors

Constructor

Description

ValidateX509CertificateUsername()
Method Summary

Modifier and Type

Method

Description

void

action(AuthenticationFlowContext context)

Called from a form action invocation.

void

authenticate(AuthenticationFlowContext context)

Initial call for the authenticator.

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator
errorResponse

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator
certificateValidationParameters, close, configuredFor, createInfoResponse, getCertificateChain, getUserIdentityExtractor, getUserIdentityToModelMapper, recordX509CertificateAuditDataViaContextEvent, requiresUser, saveX509CertificateAuditDataToAuthSession, setRequiredActions

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled, getRequiredActions

Field Details
- logger
  
  protected static ServicesLogger logger
Constructor Details
- ValidateX509CertificateUsername
  
  public ValidateX509CertificateUsername()
Method Details
- authenticate
  
  public void authenticate(AuthenticationFlowContext context)
  
  Description copied from interface: Authenticator
  
  Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
- action
  
  public void action(AuthenticationFlowContext context)
  
  Description copied from interface: Authenticator
  
  Called from a form action invocation.
  
  Specified by:
  
  action in interface Authenticator
  
  Overrides:
  
  action in class AbstractX509ClientCertificateDirectGrantAuthenticator

Class ValidateX509CertificateUsername

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateDirectGrantAuthenticator

Methods inherited from class org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.authentication.Authenticator

Field Details

logger

Constructor Details

ValidateX509CertificateUsername

Method Details

authenticate

action