Certificate

This authenticator expects a configured HTTP header containing a X509 Certificate formatted as PEM.

Configuration

Authenticator type: CertificateAuth

Common Authenticator configuration can be found here.

Name Description Default value Mandatory

Name	Description	Default value
`certificate_header_name`	Name of the headers containing the certificate.	N/A
`missing_certificate_location`	If the header contains no datat, where to redirect the client.	N/A
`custom_identifier`	When logging events, the custom_identifier lets you tag the event.	N/A

certificate_header_name

Name of the headers containing the certificate.

N/A

missing_certificate_location

If the header contains no datat, where to redirect the client.

N/A

custom_identifier

When logging events, the custom_identifier lets you tag the event.

N/A

{
            "id": "cert",
            "type": "CertificateAuth",
            "config": {
              "base_path": "/saml/authn",
              "certificate_header_name": "pemdata",
              "missing_certificate_location":"https://<custom_location>"
            }
}

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when starting, completing, and failing a transaction.

Event ids are:

WEB_100013("Authentication using certificate completed")
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of device starting transaction)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_USER_NAME (subject from the certificate)
- MESSAGE (certificate serial)

Data exposed to global state

After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:

serial
subject
certificate

API

This authenticator has no UI

PreviousHeader based NextPointsharp Net iD Access server

Last updated 1 year ago