Hi
Thanks Bill, it worked - I wasn't aware of the class ResteasyProviderFactory.
Cheers
filipe
On Thu, Jul 7, 2016 at 5:25 PM Bill Burke <bburke(a)redhat.com> wrote:
Don't you have to get the cert chain from a servlet request attribute?
This might work.

    HttpServletRequest httpServletRequest = ResteasyProviderFactory.getContextData(HttpServletRequest.class);
    X509Certificate[] certs = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");

On 7/7/16 10:53 AM, Filipe Lautert wrote:
Hello
Short story: is there a way to get the request body sent from the client
inside an Authenticator (my class implements Authenticator, using the
method @Override authenticate(context))? I'm trying with
context.getHttpRequest().getInputStream()
but it is empty.
Full story:
I'm trying to build a Keycloak authenticator that reads a client
certificate and uses it to validate the user, using as a base the
SecretQuestionAuthenticator example. The client certificate is a hard
token that is read by Firefox. To handle the certificate read part I'm using
Apache mod_ssl, with the below relevant configuration:

    SSLEngine on
    SSLProxyEngine on
    <LocationMatch "/auth">
        ProxyPass ajp://localhost:8010/auth
        ProxyPassReverse ajp://localhost:8010/auth
    </LocationMatch>
    SSLOptions +StdEnvVars +ExportCertData
    ... etc

Looking at a tcpdump/wireshark on port 8010, I can see that the client
certificate is sent on the request body to Keycloak.
So far fine, Apache validates the certificate, extracts it and sends it to
Keycloak. The problem is that I'm unable to read the request body inside my
authenticator class as context.getHttpRequest().getInputStream() is
empty, and as the body is the raw certificate the method
context.getHttpRequest().getFormParameters()
won't return me anything.

    public class SecretQuestionAuthenticator implements Authenticator {
        @Override
        public void authenticate(AuthenticationFlowContext context) {
            System.out.println(context.getHttpRequest().getInputStream().available());
            // prints 0
            System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream()));
            // empty :(
        }
        // ... rest of the class not shown
    }

Any ideas of how I can get it to work?
Thanks
filipe
--
filipe lautert
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
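
Added example (not part of the thread and not Keycloak's own code): a small helper that an Authenticator's authenticate() could call to read the certificate chain from the servlet request attribute Bill mentions, handle the case where no certificate was forwarded, and extract the subject CN. The class and method names are hypothetical. It assumes Apache mod_ssl has already required and verified the client certificate, and that the AJP port is reachable only from Apache, since Keycloak trusts whatever certificate arrives over that connector.

```java
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;

/** Hypothetical helper: resolves the CN of the client certificate forwarded by the front end. */
public final class ClientCertReader {
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertReader() {}

    /** Call from Authenticator.authenticate(); returns null when no usable certificate is present. */
    public static String currentClientCn() {
        HttpServletRequest req = ResteasyProviderFactory.getContextData(HttpServletRequest.class);
        if (req == null) {
            return null; // not running inside a servlet request
        }
        return commonName((X509Certificate[]) req.getAttribute(CERT_ATTR));
    }

    /** The servlet container places the client (leaf) certificate first in the array. */
    static String commonName(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return null; // the front end forwarded no client certificate
        }
        X509Certificate leaf = chain[0];
        try {
            // Checks the validity dates only; chain trust is assumed to be decided by Apache.
            leaf.checkValidity();
            LdapName dn = new LdapName(leaf.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (CertificateExpiredException | CertificateNotYetValidException
                | InvalidNameException e) {
            return null; // expired, not yet valid, or unparsable subject: treat as no credential
        }
        return null; // subject has no CN component
    }
}
```

A null return is the point at which the authenticator would fail the flow instead of falling through to another login method.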