atoti.config.client_certificate module
- class atoti.config.client_certificate.ClientCertificateConfig(trust_store, trust_store_password, username_regex='CN=(.*?)(?:,|$)')
The JKS truststore config to enable client certificate authentication (also called mutual TLS or mTLS) on the application.
This requires HttpsConfig to be configured.
It can be used alongside the other AuthenticationConfig providers. If a user presents valid certificates, they will be authenticated; if not, they will have to authenticate using the other configured security provider.
Opening a query session on a session protected with this config can be done using atoti_query.client_certificate.ClientCertificate.
Example
>>> config = {
...     "client_certificate": {
...         "trust_store": "../truststore.jks",
...         "trust_store_password": "secret",
...     },
...     "https": {
...         "certificate": "../cert.p12",
...         "password": "secret",
...     },
... }
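The default `username_regex` in the signature above decides which identity a client certificate maps to, so it is worth checking against the subject names your CA actually issues. The following is an added example, not code from the atoti documentation; it assumes the pattern is searched against the certificate's subject DN string and that the first capture group becomes the username. The sample DNs, `ESCAPE_AWARE_REGEX` and the helper names are constructed for illustration.

```python
import re

# Default pattern copied from the ClientCertificateConfig signature above.
DEFAULT_USERNAME_REGEX = r"CN=(.*?)(?:,|$)"
# Hypothetical alternative (not from the atoti docs): keeps backslash-escaped
# characters, such as "\,", inside the captured value.
ESCAPE_AWARE_REGEX = r"CN=((?:\\.|[^,])*)(?:,|$)"

# Constructed subject DNs mapped to the username the operator intends.
SAMPLE_SUBJECTS = {
    "CN=alice,OU=Trading,O=Example Corp,C=FR": "alice",
    "OU=Trading,CN=bob": "bob",                    # CN last: ends at `$`
    "CN=carol, OU=Risk, O=Example Corp": "carol",  # ", " separator
    "EMAILADDRESS=dave@example.com,OU=Ops": None,  # no CN attribute at all
    r"CN=Doe\, John,OU=Risk": r"Doe\, John",       # escaped comma in the CN
}


def extract_username(subject_dn, pattern=DEFAULT_USERNAME_REGEX):
    """Return capture group 1 of the first match in subject_dn, or None.

    Assumption: the server searches the subject DN for the pattern and uses
    the first capture group as the username.
    """
    match = re.search(pattern, subject_dn)
    return match.group(1) if match else None


def check_pattern(pattern, expected):
    """Return (subject_dn, expected, actual) for every DN mapped unexpectedly."""
    mismatches = []
    for dn, want in expected.items():
        got = extract_username(dn, pattern)
        if got != want:
            mismatches.append((dn, want, got))
    return mismatches


if __name__ == "__main__":
    for name, pattern in (("default", DEFAULT_USERNAME_REGEX),
                          ("escape-aware", ESCAPE_AWARE_REGEX)):
        for dn, want, got in check_pattern(pattern, SAMPLE_SUBJECTS):
            print(f"[{name}] {dn!r}: expected {want!r}, got {got!r}")
```

With the default pattern the only mismatch in this sample set is the escaped-comma subject, whose username is cut at the backslash because the lazy match stops at the first comma.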
- trust_store: Union[pathlib.Path, str]
Path to the truststore file generated with the certificate used to sign client certificates.