Package org.keycloak.services.x509

Class Rfc9440ClientCertificateLookupFactory

java.lang.Object

org.keycloak.services.x509.Rfc9440ClientCertificateLookupFactory

All Implemented Interfaces:

ProviderFactory<X509ClientCertificateLookup>, X509ClientCertificateLookupFactory

public class Rfc9440ClientCertificateLookupFactory
extends Object
implements X509ClientCertificateLookupFactory

The factory and the corresponding providers extract a client certificate from a reverse proxy that is compliant with RFC 9440.

Since:

12/30/2024

Version:

$Revision: 1 $

Author:

Stephan Seifermann

Field Summary

Fields

Modifier and Type	Field	Description
protected int	certificateChainLength
protected static final String	HTTP_HEADER_CERT_CHAIN
protected static final String	HTTP_HEADER_CERT_CHAIN_DEFAULT
protected static final String	HTTP_HEADER_CERT_CHAIN_LENGTH
protected static final int	HTTP_HEADER_CERT_CHAIN_LENGTH_DEFAULT
protected static final String	HTTP_HEADER_CLIENT_CERT
protected static final String	HTTP_HEADER_CLIENT_CERT_DEFAULT
protected String	sslChainHttpHeader
protected String	sslClientCertHttpHeader

Constructor Summary

Constructors

Constructor	Description
Rfc9440ClientCertificateLookupFactory()

Method Summary

Modifier and Type	Method	Description
void	close()	This is called when the server shuts down.
X509ClientCertificateLookup	create(KeycloakSession session)
String	getId()
void	init(Config.Scope config)	Only called once when the factory is first created.
void	postInit(KeycloakSessionFactory factory)	Called after all provider factories have been initialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, getConfigMetadata, order

Field Details

HTTP_HEADER_CLIENT_CERT

protected static final String HTTP_HEADER_CLIENT_CERT

See Also:

• Constant Field Values

HTTP_HEADER_CLIENT_CERT_DEFAULT

protected static final String HTTP_HEADER_CLIENT_CERT_DEFAULT

See Also:

• Constant Field Values

HTTP_HEADER_CERT_CHAIN

protected static final String HTTP_HEADER_CERT_CHAIN

See Also:

• Constant Field Values

HTTP_HEADER_CERT_CHAIN_DEFAULT

protected static final String HTTP_HEADER_CERT_CHAIN_DEFAULT

See Also:

• Constant Field Values

HTTP_HEADER_CERT_CHAIN_LENGTH

protected static final String HTTP_HEADER_CERT_CHAIN_LENGTH

See Also:

• Constant Field Values

HTTP_HEADER_CERT_CHAIN_LENGTH_DEFAULT

protected static final int HTTP_HEADER_CERT_CHAIN_LENGTH_DEFAULT

See Also:

• Constant Field Values

sslClientCertHttpHeader

protected String sslClientCertHttpHeader

sslChainHttpHeader

protected String sslChainHttpHeader

certificateChainLength

protected int certificateChainLength

Constructor Details

Rfc9440ClientCertificateLookupFactory

public Rfc9440ClientCertificateLookupFactory()

Method Details

init

public void init(Config.Scope config)

Description copied from interface: ProviderFactory

Only called once when the factory is first created.

Specified by:

init in interface ProviderFactory<X509ClientCertificateLookup>

create

public X509ClientCertificateLookup create(KeycloakSession session)

Specified by:

create in interface ProviderFactory<X509ClientCertificateLookup>

postInit

public void postInit(KeycloakSessionFactory factory)

Description copied from interface: ProviderFactory

Called after all provider factories have been initialized

Specified by:

postInit in interface ProviderFactory<X509ClientCertificateLookup>

close

public void close()

Description copied from interface: ProviderFactory

This is called when the server shuts down.

Specified by:

close in interface ProviderFactory<X509ClientCertificateLookup>

getId

public String getId()

Specified by:

getId in interface ProviderFactory<X509ClientCertificateLookup>