Manual Reference Pages - OPENXPKI::SERVER::AUTHENTICATION::X509 (3)
OpenXPKI::Server::Authentication::X509 - certificate based authentication.
Use a certificate chain passed by the authenticator to authenticate the user.
This is an abstract base class; the actual challenge and extraction of the chain are
done in the ChallengeX509 and ClientX509 classes. The later validation performs several steps:
* look up a suitable root certificate, either in the received chain or in the database.
* do a cryptographic validation on the chain.
* check if any of the certificates (entity, chain or root) is contained in the trust anchor list.
Any failure results in an exception.
Create a list of trust anchor identifiers from the configuration.
Returns (user, role, response_message) for a given login
step. Noop - needs to be implemented by the inherited classes.
# trust anchors
- cert_identifier of external ca cert
A connector that returns a role for a given user
Argument to use with handler to query for a role. Supported values are cn (common name), subject, serial
The default role to assign to a user if no result is found using the handler.
If you do not specify a handler but a default role, you get a static role assignment for any matching certificate.
A list of certificate identifiers to be used as trust anchors
A list of realm names to be used as trust anchors (this loads all ca certificates from the given realm into the list of trusted ca certs).
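The validation steps and role options described above, modelled as an added example that is not OpenXPKI code: certificates are plain records, the cryptographic check of the chain is left out, and every name here (Cert, build_chain, resolve_role, authenticate, the sample identifiers) is an assumption of this sketch. Raising an exception when neither the handler nor a default yields a role is also a choice of the sketch.

```python
# Simplified model, not OpenXPKI code. Certificates are plain records and the
# cryptographic validation of the chain (step 2) is deliberately left out.
from dataclasses import dataclass

class AuthError(Exception):
    pass  # any failure results in an exception

@dataclass(frozen=True)
class Cert:
    identifier: str  # constructed stand-in for a certificate identifier
    subject: str
    issuer: str
    cn: str
    serial: str

def build_chain(entity, received, database):
    """Step 1: follow issuer links to a self-signed root, preferring
    certificates from the received chain over those in the database."""
    pool = {c.subject: c for c in database}
    pool.update({c.subject: c for c in received})
    chain, seen = [entity], {entity.identifier}
    while chain[-1].subject != chain[-1].issuer:
        parent = pool.get(chain[-1].issuer)
        if parent is None or parent.identifier in seen:
            raise AuthError("no usable issuer for " + chain[-1].subject)
        chain.append(parent)
        seen.add(parent.identifier)
    return chain

def resolve_role(entity, handler=None, argument="cn", default=None):
    """Ask the handler by cn, subject or serial; fall back to the default."""
    if argument not in ("cn", "subject", "serial"):
        raise AuthError("unsupported argument " + argument)
    role = (handler or {}).get(getattr(entity, argument)) or default
    if role is None:
        raise AuthError("no role found")  # choice made by this model
    return role

def authenticate(entity, received, database, trust_anchors, **role_cfg):
    chain = build_chain(entity, received, database)
    # Step 3: entity, chain or root certificate must be a trust anchor.
    if not any(c.identifier in trust_anchors for c in chain):
        raise AuthError("no trust anchor in chain")
    return entity.cn, resolve_role(entity, **role_cfg)

# Constructed sample data: root -> issuing CA -> end entity.
ROOT = Cert("id-root", "CN=Root", "CN=Root", "Root", "01")
ISSUING = Cert("id-issuing", "CN=Issuing", "CN=Root", "Issuing", "02")
ALICE = Cert("id-alice", "CN=alice", "CN=Issuing", "alice", "1a")
```

With only a default role and no handler, every certificate that chains to a trust anchor receives that role, so the trust anchor list is the sole access control in that configuration.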
|perl v5.20.3 ||OPENXPKI::SERVER::AUTHENTICATION::X509 (3) ||2016-04-03 |