13.2.1.2.2. Certificate Token¶
-
class
privacyidea.lib.tokens.certificatetoken.
CertificateTokenClass
(aToken)[source]¶ Token to implement an X509 certificate. The certificate can be enrolled by sending a CSR to the server. privacyIDEA is capable of working with different CA connectors.
Valid parameters are request or certificate, both PEM encoded. If you pass a request you also need to pass the ca that should be used to sign the request. Passing a certificate just uploads the certificate to a new token object.
A certificate token can be created by an administrative task with the token/init api like this:
Example Authentication Request:
POST /auth HTTP/1.1 Host: example.com Accept: application/json type=certificate user=cornelius realm=realm1 request=<PEM encoded request> ca=<name of the ca connector>
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "detail": { "certificate": "...PEM..." }, "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": true }, "version": "privacyIDEA unknown" }
-
classmethod
get_class_info
(*args, **kwds)[source]¶ returns a subtree of the token definition
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: dict or scalar
-
hKeyRequired
= False¶
-
update
(param)[source]¶ This method is called during the initialization process. :param param: parameters from the token init :type param: dict :return: None
-
using_pin
= False¶
-
classmethod