<div dir="ltr">Hi<div><br></div><div>Thanks Bill, it worked - I wasn't aware of the class ResteasyProviderFactory.</div><div><br></div><div>Cheers</div><div><br></div><div>filipe</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jul 7, 2016 at 5:25 PM Bill Burke &lt;<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Don't you have to get the cert chain from a servlet request
attribute? This might work.<br>
</p>
<p><br>
</p>
<p>
</p>
<pre><code>HttpServletRequest httpServletRequest = ResteasyProviderFactory.getContextData(HttpServletRequest.class);
X509Certificate[] certs = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
</code></pre></div><div bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div>On 7/7/16 10:53 AM, Filipe Lautert
wrote:<br>
</div>
</div><div bgcolor="#FFFFFF" text="#000000"><blockquote type="cite">
<div dir="ltr">Hello
<div><br>
</div>
<div>short story: is there a way to get the request body sent
from the client inside an<span style="line-height:1.5"> Authenticator
(my class implements Authenticator, using method @Override
authenticate(context)) ? I'm trying with </span><span style="line-height:18px">context.getHttpRequest().getInputStream()
but it is empty.</span></div>
<div>
<div><br>
</div>
<div>Full story:</div>
<div>I'm trying to build a Keycloak authenticator that reads a
client certificate and uses it to validate the user, using
as a base the SecretQuestionAuthenticator example . The
client certificate is a hard token that is read by Firefox.
To handle the certificate read part I'm using Apache mod ssl,
with the below relevant configuration:</div>
<div><br>
</div>
<div>
<div style="margin:0px;padding:0px;overflow:visible;clear:both;direction:ltr">
<pre>SSLEngine on
SSLProxyEngine on
&lt;LocationMatch "/auth"&gt;
    ProxyPass ajp://localhost:8010/auth
    ProxyPassReverse ajp://localhost:8010/auth
&lt;/LocationMatch&gt;
SSLOptions +StdEnvVars +ExportCertData
... etc</pre>
<p style="line-height:normal;margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;color:windowtext;background-color:transparent" lang="EN-US"><span style="margin:0px;padding:0px;line-height:18px"><span style="margin:0px;padding:0px"><br>
</span></span></p>
<p style="line-height:normal;margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;color:windowtext;background-color:transparent" lang="EN-US"><span style="margin:0px;padding:0px;line-height:18px"><span style="margin:0px;padding:0px">Looking at a
tcpdump/wireshark on port 8010, I can see that the
client certificate is sent on the request body to
Keycloak.</span></span></p>
<p style="line-height:normal;margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;color:windowtext;background-color:transparent" lang="EN-US"><span style="margin:0px;padding:0px;line-height:18px"><span style="margin:0px;padding:0px"><br>
</span></span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><font style="color:windowtext"><span style="line-height:18px">So far fine, Apache
validates the certificate, extracts it and sends it to
Keycloak. The problem is that I'm unable to read the
request body inside my authenticator class as </span></font><span style="color:windowtext;line-height:18px">context.getHttpRequest().getInputStream()
is empty, and as the body is the raw certificate the
method </span><span style="line-height:18px">context.getHttpRequest().getFormParameters()
won't return me anything.</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;color:windowtext;background-color:transparent" lang="EN-US"><span style="line-height:18px"><br>
</span></p>
<pre>public class SecretQuestionAuthenticator implements Authenticator {
        @Override
        public void authenticate(AuthenticationFlowContext context) {
                System.out.println(context.getHttpRequest().getInputStream().available()); // prints 0
                System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream())); // empty :(
        }
        // ... remaining Authenticator methods omitted
}</pre>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px"><br>
</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px">Any ideas of
how I can get it to work?</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px"><br>
</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px">Thanks</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px"><br>
</span></p>
<p style="margin:0px;padding:0px;word-wrap:break-word;vertical-align:baseline;background-color:transparent" lang="EN-US"><span style="line-height:18px">filipe</span></p>
</div>
</div>
</div>
</div>
<div dir="ltr">-- <br>
</div>
<div data-smartmail="gmail_signature">
<div dir="ltr">filipe lautert</div>
</div>
<br>
<br>
</blockquote></div><div bgcolor="#FFFFFF" text="#000000"><blockquote type="cite"><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">filipe lautert</div></div>