Package org.keycloak.authentication.authenticators.x509

Class AbstractX509ClientCertificateAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

All Implemented Interfaces:

Authenticator, Provider

Direct Known Subclasses:

AbstractX509ClientCertificateDirectGrantAuthenticator, X509ClientCertificateAuthenticator

public abstract class AbstractX509ClientCertificateAuthenticator
extends Object
implements Authenticator

Version:

$Revision: 1 $

Author:

Peter Nalyvayko

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder
protected static class	AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder
protected static class	AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CANONICAL_DN
static final String	CERTIFICATE_EXTENDED_KEY_USAGE
static final String	CERTIFICATE_KEY_USAGE
static final String	CERTIFICATE_POLICY
static final String	CERTIFICATE_POLICY_MODE
static final String	CERTIFICATE_POLICY_MODE_ALL
static final String	CERTIFICATE_POLICY_MODE_ANY
static final String	CONFIRMATION_PAGE_DISALLOWED
static final String	CRL_ABORT_IF_NON_UPDATED
static final String	CRL_RELATIVE_PATH
static final String	CUSTOM_ATTRIBUTE_NAME
static final String	DEFAULT_ATTRIBUTE_NAME
static final String	ENABLE_CRL
static final String	ENABLE_CRLDP
static final String	ENABLE_OCSP
static final String	MAPPING_SOURCE_CERT_CERTIFICATE_PEM
static final String	MAPPING_SOURCE_CERT_ISSUERDN
static final String	MAPPING_SOURCE_CERT_SERIALNUMBER
static final String	MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN
static final String	MAPPING_SOURCE_CERT_SHA256_THUMBPRINT
static final String	MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
static final String	MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME
static final String	MAPPING_SOURCE_CERT_SUBJECTDN
static final String	MAPPING_SOURCE_CERT_SUBJECTDN_CN
static final String	MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
static final String	MAPPING_SOURCE_SELECTION
static final String	OCSP_FAIL_OPEN
static final String	OCSPRESPONDER_CERTIFICATE
static final String	OCSPRESPONDER_URI
static final String	REGULAR_EXPRESSION
static final String	REVALIDATE_CERTIFICATE
static final String	SERIALNUMBER_HEX
static final String	TIMESTAMP_VALIDATION
static final String	USER_ATTRIBUTE_MAPPER
static final String	USER_MAPPER_SELECTION
static final String	USERNAME_EMAIL_MAPPER

Constructor Summary

Constructors

Constructor	Description
AbstractX509ClientCertificateAuthenticator()

Method Summary

Modifier and Type	Method	Description
CertificateValidator.CertificateValidatorBuilder	certificateValidationParameters(KeycloakSession session, X509AuthenticatorConfigModel config)
void	close()
boolean	configuredFor(KeycloakSession session, RealmModel realm, UserModel user)
protected jakarta.ws.rs.core.Response	createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object... parameters)
protected X509Certificate[]	getCertificateChain(AuthenticationFlowContext context)
UserIdentityExtractor	getUserIdentityExtractor(X509AuthenticatorConfigModel config)
UserIdentityToModelMapper	getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)
protected void	recordX509CertificateAuditDataViaContextEvent(AuthenticationFlowContext context)
boolean	requiresUser()
protected void	saveX509CertificateAuditDataToAuthSession(AuthenticationFlowContext context, X509Certificate cert)
void	setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

action, areRequiredActionsEnabled, authenticate, getRequiredActions

Field Details

DEFAULT_ATTRIBUTE_NAME

public static final String DEFAULT_ATTRIBUTE_NAME

See Also:

• Constant Field Values

REGULAR_EXPRESSION

public static final String REGULAR_EXPRESSION

See Also:

• Constant Field Values

ENABLE_CRL

public static final String ENABLE_CRL

See Also:

• Constant Field Values

ENABLE_OCSP

public static final String ENABLE_OCSP

See Also:

• Constant Field Values

OCSP_FAIL_OPEN

public static final String OCSP_FAIL_OPEN

See Also:

• Constant Field Values

ENABLE_CRLDP

public static final String ENABLE_CRLDP

See Also:

• Constant Field Values

CANONICAL_DN

public static final String CANONICAL_DN

See Also:

• Constant Field Values

TIMESTAMP_VALIDATION

public static final String TIMESTAMP_VALIDATION

See Also:

• Constant Field Values

SERIALNUMBER_HEX

public static final String SERIALNUMBER_HEX

See Also:

• Constant Field Values

CRL_RELATIVE_PATH

public static final String CRL_RELATIVE_PATH

See Also:

• Constant Field Values

CRL_ABORT_IF_NON_UPDATED

public static final String CRL_ABORT_IF_NON_UPDATED

See Also:

• Constant Field Values

OCSPRESPONDER_URI

public static final String OCSPRESPONDER_URI

See Also:

• Constant Field Values

OCSPRESPONDER_CERTIFICATE

public static final String OCSPRESPONDER_CERTIFICATE

See Also:

• Constant Field Values

MAPPING_SOURCE_SELECTION

public static final String MAPPING_SOURCE_SELECTION

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN

public static final String MAPPING_SOURCE_CERT_SUBJECTDN

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

public static final String MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

public static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME

public static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_OTHERNAME

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN_CN

public static final String MAPPING_SOURCE_CERT_SUBJECTDN_CN

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_ISSUERDN

public static final String MAPPING_SOURCE_CERT_ISSUERDN

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SERIALNUMBER

public static final String MAPPING_SOURCE_CERT_SERIALNUMBER

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SHA256_THUMBPRINT

public static final String MAPPING_SOURCE_CERT_SHA256_THUMBPRINT

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN

public static final String MAPPING_SOURCE_CERT_SERIALNUMBER_ISSUERDN

See Also:

• Constant Field Values

MAPPING_SOURCE_CERT_CERTIFICATE_PEM

public static final String MAPPING_SOURCE_CERT_CERTIFICATE_PEM

See Also:

• Constant Field Values

USER_MAPPER_SELECTION

public static final String USER_MAPPER_SELECTION

See Also:

• Constant Field Values

USER_ATTRIBUTE_MAPPER

public static final String USER_ATTRIBUTE_MAPPER

See Also:

• Constant Field Values

USERNAME_EMAIL_MAPPER

public static final String USERNAME_EMAIL_MAPPER

See Also:

• Constant Field Values

CUSTOM_ATTRIBUTE_NAME

public static final String CUSTOM_ATTRIBUTE_NAME

See Also:

• Constant Field Values

CERTIFICATE_KEY_USAGE

public static final String CERTIFICATE_KEY_USAGE

See Also:

• Constant Field Values

CERTIFICATE_EXTENDED_KEY_USAGE

public static final String CERTIFICATE_EXTENDED_KEY_USAGE

See Also:

• Constant Field Values

CERTIFICATE_POLICY

public static final String CERTIFICATE_POLICY

See Also:

• Constant Field Values

CERTIFICATE_POLICY_MODE

public static final String CERTIFICATE_POLICY_MODE

See Also:

• Constant Field Values

CERTIFICATE_POLICY_MODE_ALL

public static final String CERTIFICATE_POLICY_MODE_ALL

See Also:

• Constant Field Values

CERTIFICATE_POLICY_MODE_ANY

public static final String CERTIFICATE_POLICY_MODE_ANY

See Also:

• Constant Field Values

CONFIRMATION_PAGE_DISALLOWED

public static final String CONFIRMATION_PAGE_DISALLOWED

See Also:

• Constant Field Values

REVALIDATE_CERTIFICATE

public static final String REVALIDATE_CERTIFICATE

See Also:

• Constant Field Values

Constructor Details

AbstractX509ClientCertificateAuthenticator

public AbstractX509ClientCertificateAuthenticator()

Method Details

createInfoResponse

protected jakarta.ws.rs.core.Response createInfoResponse(AuthenticationFlowContext context,
 String infoMessage,
 Object... parameters)

certificateValidationParameters

public CertificateValidator.CertificateValidatorBuilder certificateValidationParameters(KeycloakSession session,
 X509AuthenticatorConfigModel config)
                                                                                 throws Exception

Throws:

Exception

close

public void close()

Specified by:

close in interface Provider

getCertificateChain

protected X509Certificate[] getCertificateChain(AuthenticationFlowContext context)

saveX509CertificateAuditDataToAuthSession

protected void saveX509CertificateAuditDataToAuthSession(AuthenticationFlowContext context,
 X509Certificate cert)

recordX509CertificateAuditDataViaContextEvent

protected void recordX509CertificateAuditDataViaContextEvent(AuthenticationFlowContext context)

getUserIdentityExtractor

public UserIdentityExtractor getUserIdentityExtractor(X509AuthenticatorConfigModel config)

getUserIdentityToModelMapper

public UserIdentityToModelMapper getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)

requiresUser

public boolean requiresUser()

Specified by:

requiresUser in interface Authenticator

configuredFor

public boolean configuredFor(KeycloakSession session,
 RealmModel realm,
 UserModel user)

Specified by:

configuredFor in interface Authenticator

setRequiredActions

public void setRequiredActions(KeycloakSession session,
 RealmModel realm,
 UserModel user)

Specified by:

setRequiredActions in interface Authenticator