13.2.1.2.1. Certificate Token

class privacyidea.lib.tokens.certificatetoken.CertificateTokenClass(aToken)

Token to implement an X509 certificate. The certificate can be enrolled by sending a CSR to the server. privacyIDEA is capable of working with different CA connectors.
Valid parameters are request or certificate, both PEM encoded. If you pass a request you also need to pass the ca that should be used to sign the request. Passing a certificate just uploads the certificate to a new token object.
A certificate token can be created by an administrative task with the token/init API like this:

Example request:

    POST /token/init HTTP/1.1
    Host: example.com
    Accept: application/json

    type=certificate
    user=cornelius
    realm=realm1
    request=<PEM encoded request>
    ca=<name of the ca connector>
Example response:

    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "detail": {
        "certificate": "...PEM..."
      },
      "id": 1,
      "jsonrpc": "2.0",
      "result": {
        "status": true,
        "value": true
      },
      "version": "privacyIDEA unknown"
    }
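A client-side sketch of the parameter rules and response format above, as an added example that is not privacyIDEA code: it checks that the request parameter really is a PEM CSR (so a private key is never sent by mistake), enforces that a request comes with a ca, form-encodes the body, and reads the issued certificate from the response. The function names, the sample CSR and the "exactly one of request or certificate" rule are assumptions of this example.

```python
import base64
import json
import re
from urllib.parse import urlencode

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.+?)\s+-----END \1-----", re.S)
CSR_LABELS = ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST")

def pem_label(pem):
    """Return the PEM label after checking the armor and the base64 body."""
    m = PEM_RE.fullmatch(pem.strip())
    if not m:
        raise ValueError("not a single PEM block")
    base64.b64decode("".join(m.group(2).split()), validate=True)
    return m.group(1)

def build_init_body(user, realm, request=None, certificate=None, ca=None):
    """Form body for token/init with type=certificate (parameters from the page)."""
    # Assumption of this example: exactly one of request/certificate is sent.
    if (request is None) == (certificate is None):
        raise ValueError("pass exactly one of request or certificate")
    params = {"type": "certificate", "user": user, "realm": realm}
    if request is not None:
        # A private key or certificate passed as 'request' is rejected here.
        if pem_label(request) not in CSR_LABELS:
            raise ValueError("request must be a PEM CSR")
        if not ca:
            raise ValueError("a request needs the ca connector name")
        params.update(request=request, ca=ca)
    else:
        if pem_label(certificate) != "CERTIFICATE":
            raise ValueError("certificate must be a PEM certificate")
        params["certificate"] = certificate
    # urlencode escapes '+', '/', '=' and newlines, all of which occur in PEM data.
    return urlencode(params)

def certificate_from_response(text):
    """Return detail.certificate, or raise if the result reports failure."""
    doc = json.loads(text)
    result = doc.get("result", {})
    if result.get("status") is not True or result.get("value") is not True:
        raise RuntimeError("token/init did not succeed")
    return doc["detail"]["certificate"]

# Constructed sample: armor and base64 are well-formed, the body is not a real CSR.
SAMPLE_CSR = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + base64.b64encode(b"constructed sample, not a real CSR+/").decode()
    + "\n-----END CERTIFICATE REQUEST-----\n"
)
```

The returned string is the body for the POST shown above; the private key that matches the CSR stays on the client.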