Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

9.6. Registering Custom Authentication Plug-ins

Custom authentication plug-in modules can be registered through the CA Console. Authentication plug-in modules can also be deleted through the CA Console. Before deleting a module, delete instances that are based on that module.

Note

For writing custom plug-ins, refer to the Authentication Plug-in Tutorial.
  1. Create the custom authentication class. For this example, the custom authentication plug-in is called UidPwdDirAuthenticationTestms.java.
  2. Compile the new class. 
    javac -d . -classpath $CLASSPATH UidPwdDirAuthenticationTestms.java
    Copy to Clipboard Toggle word wrap
  3. Create a directory in the CA's WEB-INF web directory to hold the custom classes, so that the CA can access them for the enrollment forms. 
    mkdir /usr/share/pki/ca/webapps/ca/WEB-INF/classes
    Copy to Clipboard Toggle word wrap
  4. Copy the new plug-in files into the new classes directory, and set the owner to the Certificate System system user (pkiuser). 
    cp -pr com /usr/share/pki/ca/webapps/ca/WEB-INF/classes

chown -R pkiuser:pkiuser /usr/share/pki/ca/webapps/ca/WEB-INF/classes
    Copy to Clipboard Toggle word wrap
  5. Log into the console. 
    pkiconsole https://server.example.com:8443/ca
    Copy to Clipboard Toggle word wrap
  6. Register the plug-in.
    1. In the Configuration tab, click Authentication in the navigation tree.
    2. In the right pane, click the Authentication Plug-in Registration tab.
      The tab lists modules that are already registered.
    3. To register a plug-in, click Register.
      The Register Authentication Plug-in Implementation window appears.
    4. Specify which module to register by filling in the two fields:
      • Plugin name. The name for the module.
      • Class name. The full name of the class for this module. This is the path to the implementing Java™ class. If this class is part of a package, include the package name. For example, to register a class named customAuth in a package named com.customplugins, the class name is com.customplugins.customAuth.
  7. After registering the module, add the module as an active authentication instance.
    1. In the Configuration tab, click Authentication in the navigation tree.
    2. In the right pane, click the Authentication Instance tab.
    3. Click Add.
    4. Select the custom module, UidPwdDirAuthenticationTestms.java, from the list to add the module. Fill in the appropriate configuration for the module.
  8. Create a new end-entity enrollment form to use the new authentication module. 
    cd /var/lib/pki/pki-tomcat/ca/profiles/ca

cp -p caDirUserCert.cfg caDirUserCertTestms.cfg

vi caDirUserCertTestms.cfg

desc=Test ms - This certificate profile is for enrolling user certificates with directory-based authentication.
visible=true
enable=true
enableBy=admin
name=Test ms - Directory-Authenticated User Dual-Use Certificate Enrollment
auth.instance_id=testms
...
    Copy to Clipboard Toggle word wrap
  9. Add the new profile to the CA's CS.cfg file.

    Note

    Back up the CS.cfg file before editing it. 
    vim /var/lib/pki/instance-name/ca/conf/CS.cfg

profile.list=caUserCert,caDualCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caOtherCert,caCACert,caInstallCACert,caRACert,caOCSPCert,caTransportCert,caDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthKRAstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,DomainController,caDirUserCertTestms
...
profile.caDirUserCertTestms.class_id=caEnrollImpl
profile.caDirUserCertTestms.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCertTestms.cfg
    Copy to Clipboard Toggle word wrap
  10. Restart the CA. 
    systemctl restart pki-tomcatd@instance_name.service
    Copy to Clipboard Toggle word wrap
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat