Certificate
This authenticator expects a configured HTTP header containing a X509 Certificate formatted as PEM.
Configuration
Authenticator type: CertificateAuth
Common Authenticator configuration can be found here.
certificate_header_name
Name of the headers containing the certificate.
N/A
missing_certificate_location
If the header contains no datat, where to redirect the client.
N/A
custom_identifier
When logging events, the custom_identifier lets you tag the event.
N/A
Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when starting, completing, and failing a transaction.
Event ids are:
WEB_100013("Authentication using certificate completed")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of device starting transaction)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_USER_NAME (subject from the certificate)
MESSAGE (certificate serial)
Data exposed to global state
After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:
serial
subject
certificate
API
This authenticator has no UI