Re: [keycloak-user] Keycloak behind Apache with SSL - read certificate from body

Hello short story: is there a way to get the request body sent from the client inside an Authenticator (my class implements Authenticator , unsing method @Override authenticate(context)) ? I'm trying with context.getHttpRequest().getInputStream() but it is empty. Full story: I'm trying to build a Keycloak authenticator that reads a client certificate and uses it to validate the user, using as a base the SecretQuestionAuthenticator example . The client certificate is a hard token that is read by Firefox. To handle the certificate read part I'm usng Apache mod ssl, with the below relevant configuration: SSLEngineon SSLProxyEngineon <LocationMatch"/auth"> ProxyPassajp://localhost:8010/auth ProxyPassReverseajp://localhost:8010/auth </LocationMatch> SSLOptions+StdEnvVars+ExportCertData ... etc Looking at a tcpdump/wireshark on port 8010, I can see that the client certificate is sent on the request body to Keycloak. So far fine, Apache validates the certificate, extracts it and send to Keycloak. The problem is that I'm unable to read the request body inside my authenticator class as context.getHttpRequest().getInputStream() is empty, and as the body is the raw certificate the method context.getHttpRequest().getFormParameters() method won't return me anything. public class SecretQuestionAuthenticator implements Authenticator { @Override public void authenticate(AuthenticationFlowContext context) { System.out.println(context.getHttpRequest().getInputStream().available()); // prints 0System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream())); //empty :( Any ideas of how I can get it to work? Thanks filipe -- filipe lautert _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user