<div dir="ltr">Hello<div><br></div><div>Short story: is there a way to get the request body sent from the client inside an Authenticator (my class implements Authenticator, using the method @Override authenticate(context))? I&#39;m trying with context.getHttpRequest().getInputStream() but it is empty.</div><div><br></div><div>Full story:</div><div>I&#39;m trying to build a Keycloak authenticator that reads a client certificate and uses it to validate the user, using as a base the SecretQuestionAuthenticator example. The client certificate is a hard token that is read by Firefox. To handle the certificate read part I&#39;m using Apache mod_ssl, with the below relevant configuration:</div><div><br></div>
<pre>SSLEngine on
SSLProxyEngine on
                &lt;LocationMatch "/auth"&gt;
                        ProxyPass ajp://localhost:8010/auth
                        ProxyPassReverse ajp://localhost:8010/auth
                &lt;/LocationMatch&gt;
SSLOptions +StdEnvVars +ExportCertData
... etc</pre>
<p>Looking at a tcpdump/wireshark on port 8010, I can see that the client certificate is sent in the request body to Keycloak.</p>
<p>So far fine, Apache validates the certificate, extracts it and sends it to Keycloak. The problem is that I&#39;m unable to read the request body inside my authenticator class as context.getHttpRequest().getInputStream() is empty, and as the body is the raw certificate the method context.getHttpRequest().getFormParameters() won&#39;t return me anything.</p>
<pre>public class SecretQuestionAuthenticator implements Authenticator {
        @Override
        public void authenticate(AuthenticationFlowContext context) {
                System.out.println(context.getHttpRequest().getInputStream().available()); // prints 0
                System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream())); //empty :(</pre>
<p>Any ideas of how I can get it to work?</p>
<p>Thanks</p>
<p>filipe</p>
</div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">filipe lautert</div></div>