13.2.1.2.2. Certificate Token

class privacyidea.lib.tokens.certificatetoken.CertificateTokenClass(aToken)

Token to implement an X509 certificate. The certificate can be enrolled by sending a CSR to the server. privacyIDEA is capable of working with different CA connectors.

Valid parameters are request or certificate, both PEM encoded. If you pass a request you also need to pass the ca that should be used to sign the request. Passing a certificate just uploads the certificate to a new token object.

A certificate token can be created by an administrative task with the token/init api like this:

Example Authentication Request:

POST /auth HTTP/1.1
Host: example.com
Accept: application/json

type=certificate
user=cornelius
realm=realm1
request=<PEM encoded request>
ca=<name of the ca connector>

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "detail": {
     "certificate": "...PEM..."
   },
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": true
   },
   "version": "privacyIDEA unknown"
 }

classmethod get_class_info(*args, **kwds)

returns a subtree of the token definition

Parameters:

• key (string) – subsection identifier
• ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

dict or scalar

classmethod get_class_prefix()

classmethod get_class_type()

get_init_detail(*args, **kwds)

At the end of the initialization we return the certificate

hKeyRequired = False

update(param)

This method is called during the initialization process. :param param: parameters from the token init :type param: dict :return: None

using_pin = False