Package org.keycloak.services.x509

Class NginxProxySslClientCertificateLookupFactory

java.lang.Object

org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookupFactory

org.keycloak.services.x509.NginxProxySslClientCertificateLookupFactory

All Implemented Interfaces:

ProviderFactory<X509ClientCertificateLookup>, X509ClientCertificateLookupFactory

public class NginxProxySslClientCertificateLookupFactory
extends AbstractClientCertificateFromHttpHeadersLookupFactory

The factory and the corresponding providers extract a client certificate from a NGINX reverse proxy (TLS termination).

Since:

10/09/2018

Version:

$Revision: 1 $

Author:

Arnault MICHEL

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	CERT_IS_URL_ENCODED
protected boolean	certIsUrlEncoded
protected static final String	TRUST_PROXY_VERIFICATION
protected boolean	trustProxyVerification

Fields inherited from class org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookupFactory

CERTIFICATE_CHAIN_LENGTH, certificateChainLength, HTTP_HEADER_CERT_CHAIN_PREFIX, HTTP_HEADER_CLIENT_CERT, sslChainHttpHeaderPrefix, sslClientCertHttpHeader

Constructor Summary

Constructors

Constructor	Description
NginxProxySslClientCertificateLookupFactory()

Method Summary

Modifier and Type	Method	Description
X509ClientCertificateLookup	create(KeycloakSession session)
String	getId()
void	init(Config.Scope config)	Only called once when the factory is first created.

Methods inherited from class org.keycloak.services.x509.AbstractClientCertificateFromHttpHeadersLookupFactory

close, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, getConfigMetadata, order

Field Details

TRUST_PROXY_VERIFICATION

protected static final String TRUST_PROXY_VERIFICATION

See Also:

• Constant Field Values

CERT_IS_URL_ENCODED

protected static final String CERT_IS_URL_ENCODED

See Also:

• Constant Field Values

trustProxyVerification

protected boolean trustProxyVerification

certIsUrlEncoded

protected boolean certIsUrlEncoded

Constructor Details

NginxProxySslClientCertificateLookupFactory

public NginxProxySslClientCertificateLookupFactory()

Method Details

init

public void init(Config.Scope config)

Description copied from interface: ProviderFactory

Only called once when the factory is first created. This config is pulled from keycloak_server.json

Specified by:

init in interface ProviderFactory<X509ClientCertificateLookup>

Overrides:

init in class AbstractClientCertificateFromHttpHeadersLookupFactory

create

public X509ClientCertificateLookup create(KeycloakSession session)

getId

public String getId()