I'm trying to develop an x-pack plugin that implements a custom realm and custom roles provider which uses the DN of a user certificate to authenticate and create custom roles based upon a RESTful request to an external legacy authentication and authorization system. I'm using the shield-custom-realm-example as my guide, but since there's no x-pack-api javadoc, I don't see how it's possible to obtain the user DN from the user's Elasticsearch request and/or PKI realm. Please advise.
@asanderson don't know if this is helpful, but you should be able to do something like this in the custom realm implementation:
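```java
import org.elasticsearch.xpack.security.authc.pki.X509AuthenticationToken;

public void authenticate(AuthenticationToken authenticationToken,
                         ActionListener<AuthenticationResult> listener) {
    // The PKI token carries the client certificate chain and its subject DN.
    X509AuthenticationToken token = (X509AuthenticationToken) authenticationToken;
    String dn = token.dn();                // full subject DN of the client certificate
    String principal = token.principal();  // principal name extracted from the DN
    java.security.cert.X509Certificate[] creds = token.credentials();  // certificate chain
}
```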
If that works, then that's exactly what I was seeking.
I'll give it a try.
Thanks!
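Once a realm has the DN string, it usually has to be normalized before it is used as a lookup key against an external authorization service, because equivalent DNs can differ in case and spacing and a CN can contain an escaped comma. The following is an added example, not code from this thread or from X-Pack; it uses only JDK classes, and the class `DnKey`, its methods and the sample DNs are constructed for illustration.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import java.util.List;

// Hypothetical helper, not an X-Pack class.
public final class DnKey {
    private DnKey() {}

    // Canonical form for use as a lookup or cache key: case and whitespace
    // differences between equivalent DNs are folded away.
    // Throws IllegalArgumentException on a malformed DN, so callers fail closed.
    public static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    // Most specific CN value, or null when the DN carries no CN.
    // LdapName honours RFC 2253 escaping, so "CN=Smith\, John" stays one value,
    // which a split on ',' would truncate.
    public static String commonName(String dn) throws NamingException {
        List<Rdn> rdns = new LdapName(dn).getRdns();
        // getRdns() lists RDNs right to left, so iterate from the end
        // to see the leftmost (most specific) RDN first.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=x+UID=y.
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get());
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample DNs, not taken from the thread.
        String a = "CN=Smith\\, John,OU=Ops,O=Example Corp,C=US";
        String b = "cn=smith\\, john, ou=ops, o=Example Corp, c=us";
        System.out.println(commonName(a));
        System.out.println(canonical(a).equals(canonical(b)));
    }
}
```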