org.keycloak.authentication.authenticators.x509

Class AbstractX509ClientCertificateAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertificateAuthenticator

All Implemented Interfaces:

Authenticator, Provider

Direct Known Subclasses:

AbstractX509ClientCertificateDirectGrantAuthenticator, X509ClientCertificateAuthenticator

public abstract class AbstractX509ClientCertificateAuthenticator
extends Object
implements Authenticator

Version:

$Revision: 1 $

Author:

Peter Nalyvayko

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	AbstractX509ClientCertificateAuthenticator.CertificateValidatorConfigBuilder
protected static class	AbstractX509ClientCertificateAuthenticator.UserIdentityExtractorBuilder
protected static class	AbstractX509ClientCertificateAuthenticator.UserIdentityToModelMapperBuilder

Field Summary

Fields

Modifier and Type	Field and Description
static String	CERTIFICATE_EXTENDED_KEY_USAGE
static String	CERTIFICATE_KEY_USAGE
static String	CONFIRMATION_PAGE_DISALLOWED
static String	CRL_RELATIVE_PATH
static String	CUSTOM_ATTRIBUTE_NAME
static String	DEFAULT_ATTRIBUTE_NAME
static String	ENABLE_CRL
static String	ENABLE_CRLDP
static String	ENABLE_OCSP
protected static ServicesLogger	logger
static String	MAPPING_SOURCE_CERT_ISSUERDN
static String	MAPPING_SOURCE_CERT_ISSUERDN_CN
static String	MAPPING_SOURCE_CERT_ISSUERDN_EMAIL
static String	MAPPING_SOURCE_CERT_SERIALNUMBER
static String	MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL
static String	MAPPING_SOURCE_CERT_SUBJECTDN
static String	MAPPING_SOURCE_CERT_SUBJECTDN_CN
static String	MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL
static String	MAPPING_SOURCE_SELECTION
static String	OCSPRESPONDER_URI
static String	REGULAR_EXPRESSION
static String	USER_ATTRIBUTE_MAPPER
static String	USER_MAPPER_SELECTION
static String	USERNAME_EMAIL_MAPPER

Constructor Summary

Constructors

Constructor and Description
AbstractX509ClientCertificateAuthenticator()

Method Summary

Modifier and Type	Method and Description
CertificateValidator.CertificateValidatorBuilder	certificateValidationParameters(X509AuthenticatorConfigModel config)
void	close()
boolean	configuredFor(KeycloakSession session, RealmModel realm, UserModel user)
protected javax.ws.rs.core.Response	createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object... parameters)
protected X509Certificate[]	getCertificateChain(AuthenticationFlowContext context)
UserIdentityExtractor	getUserIdentityExtractor(X509AuthenticatorConfigModel config)
UserIdentityToModelMapper	getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)
boolean	requiresUser()
void	setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

action, authenticate

Field Detail

DEFAULT_ATTRIBUTE_NAME

public static final String DEFAULT_ATTRIBUTE_NAME

See Also:

Constant Field Values

logger

protected static ServicesLogger logger

REGULAR_EXPRESSION

public static final String REGULAR_EXPRESSION

See Also:

Constant Field Values

ENABLE_CRL

public static final String ENABLE_CRL

See Also:

Constant Field Values

ENABLE_OCSP

public static final String ENABLE_OCSP

See Also:

Constant Field Values

ENABLE_CRLDP

public static final String ENABLE_CRLDP

See Also:

Constant Field Values

CRL_RELATIVE_PATH

public static final String CRL_RELATIVE_PATH

See Also:

Constant Field Values

OCSPRESPONDER_URI

public static final String OCSPRESPONDER_URI

See Also:

Constant Field Values

MAPPING_SOURCE_SELECTION

public static final String MAPPING_SOURCE_SELECTION

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN

public static final String MAPPING_SOURCE_CERT_SUBJECTDN

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

public static final String MAPPING_SOURCE_CERT_SUBJECTDN_EMAIL

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

public static final String MAPPING_SOURCE_CERT_SUBJECTALTNAME_EMAIL

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_SUBJECTDN_CN

public static final String MAPPING_SOURCE_CERT_SUBJECTDN_CN

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_ISSUERDN

public static final String MAPPING_SOURCE_CERT_ISSUERDN

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_ISSUERDN_EMAIL

public static final String MAPPING_SOURCE_CERT_ISSUERDN_EMAIL

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_ISSUERDN_CN

public static final String MAPPING_SOURCE_CERT_ISSUERDN_CN

See Also:

Constant Field Values

MAPPING_SOURCE_CERT_SERIALNUMBER

public static final String MAPPING_SOURCE_CERT_SERIALNUMBER

See Also:

Constant Field Values

USER_MAPPER_SELECTION

public static final String USER_MAPPER_SELECTION

See Also:

Constant Field Values

USER_ATTRIBUTE_MAPPER

public static final String USER_ATTRIBUTE_MAPPER

See Also:

Constant Field Values

USERNAME_EMAIL_MAPPER

public static final String USERNAME_EMAIL_MAPPER

See Also:

Constant Field Values

CUSTOM_ATTRIBUTE_NAME

public static final String CUSTOM_ATTRIBUTE_NAME

See Also:

Constant Field Values

CERTIFICATE_KEY_USAGE

public static final String CERTIFICATE_KEY_USAGE

See Also:

Constant Field Values

CERTIFICATE_EXTENDED_KEY_USAGE

public static final String CERTIFICATE_EXTENDED_KEY_USAGE

See Also:

Constant Field Values

CONFIRMATION_PAGE_DISALLOWED

public static final String CONFIRMATION_PAGE_DISALLOWED

See Also:

Constant Field Values

Constructor Detail

AbstractX509ClientCertificateAuthenticator

public AbstractX509ClientCertificateAuthenticator()

Method Detail

createInfoResponse

protected javax.ws.rs.core.Response createInfoResponse(AuthenticationFlowContext context,
                                                       String infoMessage,
                                                       Object... parameters)

certificateValidationParameters

public CertificateValidator.CertificateValidatorBuilder certificateValidationParameters(X509AuthenticatorConfigModel config)
                                                                                 throws Exception

Throws:

Exception

close

public void close()

Specified by:

close in interface Provider

getCertificateChain

protected X509Certificate[] getCertificateChain(AuthenticationFlowContext context)

getUserIdentityExtractor

public UserIdentityExtractor getUserIdentityExtractor(X509AuthenticatorConfigModel config)

getUserIdentityToModelMapper

public UserIdentityToModelMapper getUserIdentityToModelMapper(X509AuthenticatorConfigModel config)

requiresUser

public boolean requiresUser()

Specified by:

requiresUser in interface Authenticator

configuredFor

public boolean configuredFor(KeycloakSession session,
                             RealmModel realm,
                             UserModel user)

Specified by:

configuredFor in interface Authenticator

setRequiredActions

public void setRequiredActions(KeycloakSession session,
                               RealmModel realm,
                               UserModel user)

Specified by:

setRequiredActions in interface Authenticator