SSLEngine on
SSLProxyEngine on
<LocationMatch "/auth">
    ProxyPass ajp://localhost:8010/auth
    ProxyPassReverse ajp://localhost:8010/auth
</LocationMatch>
SSLOptions +StdEnvVars +ExportCertData
... etc
Looking at a tcpdump/Wireshark capture on port 8010, I can see that the client certificate is sent in the request body to Keycloak.
So far, fine: Apache validates the certificate, extracts it and sends it to Keycloak. The problem is that I'm unable to read the request body inside my authenticator class, as context.getHttpRequest().getInputStream() is empty, and as the body is the raw certificate, context.getHttpRequest().getFormParameters() won't return me anything.
public class SecretQuestionAuthenticator implements Authenticator {
    @Override
    public void authenticate(AuthenticationFlowContext context) {
        System.out.println(context.getHttpRequest().getInputStream().available()); // prints 0
        System.out.println(getStringFromInputStream(context.getHttpRequest().getInputStream())); // empty :(
Any ideas of how I can get it to work?
Thanks
filipe