Custom realm and roles provider that uses PKI

I'm trying to develop an x-pack plugin that implements a custom realm and custom roles provider which uses the DN of a user certificate to authenticate and create custom roles based upon a RESTful request to an external legacy authentication and authorization system. I'm using the shield-custom-realm-example as my guide, but since there's no x-pack-api javadoc, I don't see how it's possible to obtain the user DN from the user's Elasticsearch request and/or PKI realm. Please advise.

@asanderson don't know if this is helpful, but you should be able to do something like this in the custom realm implementation:

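import org.elasticsearch.xpack.security.authc.pki.X509AuthenticationToken;

public void authenticate(AuthenticationToken authenticationToken,
        ActionListener<AuthenticationResult> listener) {
    // Cast the incoming token to the PKI token type to reach the certificate details.
    X509AuthenticationToken token = (X509AuthenticationToken) authenticationToken;
    String dn = token.dn();                // subject DN of the client certificate
    String principal = token.principal();  // principal derived from the DN
    // Client certificate chain presented on the connection.
    java.security.cert.X509Certificate[] creds = token.credentials();
}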

If that works, then that's exactly what I was seeking.
I'll give it a try.

Thanks!
