Don't you have to get the cert chain from a servlet request attribute?
This might work.
    HttpServletRequest httpServletRequest =
        ResteasyProviderFactory.getContextData(HttpServletRequest.class);
    X509Certificate[] certs =
        (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
On 7/7/16 10:53 AM, Filipe Lautert wrote:
Hello
Short story: is there a way to get the request body sent from the
client inside an Authenticator (my class implements Authenticator,
using method @Override authenticate(context))? I'm trying with
context.getHttpRequest().getInputStream() but it is empty.
Full story:
I'm trying to build a Keycloak authenticator that reads a client
certificate and uses it to validate the user, using as a base the
SecretQuestionAuthenticator example. The client certificate is a hard
token that is read by Firefox. To handle the certificate read part I'm
using Apache mod ssl, with the below relevant configuration:
    SSLEngine on
    SSLProxyEngine on
    <LocationMatch "/auth">
        ProxyPass ajp://localhost:8010/auth
        ProxyPassReverse ajp://localhost:8010/auth
    </LocationMatch>
    SSLOptions +StdEnvVars +ExportCertData
    ... etc
Looking at a tcpdump/wireshark on port 8010, I can see that the client
certificate is sent on the request body to Keycloak.
So far fine, Apache validates the certificate, extracts it and sends it to
Keycloak. The problem is that I'm unable to read the request body
inside my authenticator class, as
context.getHttpRequest().getInputStream() is empty, and as the body is
the raw certificate, the method
context.getHttpRequest().getFormParameters() won't return me
anything.
    public class SecretQuestionAuthenticator implements Authenticator {
        @Override
        public void authenticate(AuthenticationFlowContext context) {
            System.out.println(context.getHttpRequest().getInputStream().available());
            // prints 0
            System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream()));
            // empty :(
        }
    }
Any ideas of how I can get it to work?
Thanks
filipe
--
filipe lautert
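
Added example, not code from either poster or from the Keycloak project: handling the value returned by the javax.servlet.request.X509Certificate attribute lookup suggested in the reply, including the case where no certificate was forwarded, and reading the subject CN to look up the user. The class name, method names and the sample subject DN are assumptions made for illustration; only JDK classes are used.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertAttribute {
    // Attribute name taken from the reply above.
    static final String ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the client's own certificate from the attribute value, or null if none was forwarded. */
    static X509Certificate leaf(Object attributeValue) throws CertificateException {
        if (!(attributeValue instanceof X509Certificate[])) {
            return null; // attribute absent (no client cert) or of an unexpected type
        }
        X509Certificate[] chain = (X509Certificate[]) attributeValue;
        if (chain.length == 0) {
            return null;
        }
        X509Certificate cert = chain[0]; // servlet spec: the client's certificate comes first
        cert.checkValidity();            // throws if expired or not yet valid
        return cert;
    }

    /** Extracts the CN value from a subject DN, or returns null if the DN has no CN. */
    static String commonName(X500Principal subject) throws InvalidNameException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // In the authenticator the value would come from httpServletRequest.getAttribute(ATTR).
        System.out.println(leaf(null));          // case: no certificate forwarded
        System.out.println(leaf("not a chain")); // case: attribute has an unexpected type
        // Constructed subject DN standing in for cert.getSubjectX500Principal().
        X500Principal subject = new X500Principal("CN=filipe,OU=Tokens,O=Example,C=BR");
        System.out.println(commonName(subject));
    }
}
```

The attribute is filled in from what the front end forwards over AJP, so it is only as trustworthy as the restriction on who can connect to port 8010.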