Certificate

This authenticator expects a configured HTTP header containing a X509 Certificate formatted as PEM.

Configuration

Authenticator type: CertificateAuth

Common Authenticator configuration can be found here.

Name
Description
Default value
Mandatory

certificate_header_name

Name of the headers containing the certificate.

N/A

missing_certificate_location

If the header contains no datat, where to redirect the client.

N/A

custom_identifier

When logging events, the custom_identifier lets you tag the event.

N/A

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when starting, completing, and failing a transaction.

Event ids are:

  • WEB_100013("Authentication using certificate completed")

    • IDENTIFIER (user trace id)

    • SOURCE_ADDRESS (ip address of device starting transaction)

    • CUSTOMER_IDENTIFIER (if configured)

    • SOURCE_USER_NAME (subject from the certificate)

    • MESSAGE (certificate serial)

Data exposed to global state

After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:

  • serial

  • subject

  • certificate

API

This authenticator has no UI