Yubikey Support
The Payara API provides a way to authenticate with Yubikey using the @YubikeyIdentityStoreDefinition
annotation. This works in the same way as other identity stores in the Java EE Security API.
Usage
The Yubikey identity store is defined through the @YubikeyIdentityStoreDefinition
annotation. Specifying this in a valid place as defined by the Security API will create the identity store. Often this may mean that any class is a valid position.
This authentication mechanism currently supports cloud-based Yubikey authentication servers only. |
Configuration
The @YubikeyIdentityStoreDefinition
annotation has several configuration attributes. These refer to the API access credentials from Yubico.
One of yubikeyAPIClientID , yubikeyAPIClientIDExpression or a MicroProfile Configuration settings is mandatory for the feature to work correctly.
|
Option | Required | Description |
---|---|---|
|
false |
The client identifier used to identify the application |
|
true |
The API key |
|
false |
The priority of the identity store |
|
false |
EL expression which overrides the priority value |
|
false |
EL expression which overrides the yubikeyAPIClientID value |
These attributes can be overridden with MicroProfile configuration values:
-
payara.security.yubikey.apikey
overridesyubikeyAPIKey
-
payara.security.yubikey.clientid
overridesyubikeyAPIClientID
-
payara.security.yubikey.identitystore.priority
overridespriority