Certificate

This authenticator expects a configured HTTP header containing a X509 Certificate formatted as PEM.

Configuration

Authenticator type: CertificateAuth

Common Authenticator configuration can be found here.

Name

Description

Default value

Mandatory

certificate_header_name

Name of the headers containing the certificate.

N/A

missing_certificate_location

If the header contains no datat, where to redirect the client.

N/A

custom_identifier

When logging events, the custom_identifier lets you tag the event.

N/A

{
            "id": "cert",
            "type": "CertificateAuth",
            "config": {
              "base_path": "/saml/authn",
              "certificate_header_name": "pemdata",
              "missing_certificate_location":"https://<custom_location>"
            }
}

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when starting, completing, and failing a transaction.

Event ids are:

WEB_100013("Authentication using certificate completed")
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of device starting transaction)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_USER_NAME (subject from the certificate)
- MESSAGE (certificate serial)

Data exposed to global state

After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:

serial
subject
certificate

API

This authenticator has no UI

PreviousHeader based NextPointsharp Net iD Access server

hashtagConfiguration

hashtagLogging

hashtagData exposed to global state

hashtagAPI

Configuration

Logging

Data exposed to global state

API