Hi

Thanks Bill, it worked - I wasn't aware of the class ResteasyProviderFactory.

Cheers

filipe

On Thu, Jul 7, 2016 at 5:25 PM Bill Burke <bburke@redhat.com> wrote:

Don't you have to get the cert chain from a servlet request attribute?  This might work.


    HttpServletRequest httpServletRequest = ResteasyProviderFactory.getContextData(HttpServletRequest.class);
    X509Certificate[] certs = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");

 


On 7/7/16 10:53 AM, Filipe Lautert wrote:
Hello

Short story: is there a way to get the request body sent from the client inside an Authenticator (my class implements Authenticator, using the method @Override authenticate(context))? I'm trying with context.getHttpRequest().getInputStream() but it is empty.

Full story:
I'm trying to build a Keycloak authenticator that reads a client certificate and uses it to validate the user, using the SecretQuestionAuthenticator example as a base. The client certificate is a hard token that is read by Firefox. To handle the certificate read part I'm using Apache mod ssl, with the below relevant configuration:

    SSLEngine on
    SSLProxyEngine on
    <LocationMatch "/auth">
        ProxyPass ajp://localhost:8010/auth
        ProxyPassReverse ajp://localhost:8010/auth
    </LocationMatch>
    SSLOptions +StdEnvVars +ExportCertData
    ... etc


Looking at a tcpdump/wireshark on port 8010, I can see that the client certificate is sent in the request body to Keycloak.

So far fine, Apache validates the certificate, extracts it and sends it to Keycloak. The problem is that I'm unable to read the request body inside my authenticator class as context.getHttpRequest().getInputStream() is empty, and as the body is the raw certificate the context.getHttpRequest().getFormParameters() method won't return me anything.


    public class SecretQuestionAuthenticator implements Authenticator {

        @Override
        public void authenticate(AuthenticationFlowContext context) {
            System.out.println(context.getHttpRequest().getInputStream().available()); // prints 0
            System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream())); // empty :(
        }
    }


Any ideas of how I can get it to work?


Thanks


filipe

--
filipe lautert


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
