The Payara Public API provides a way to authenticate with Yubikey using the @YubikeyIdentityStoreDefinition annotation. This works in the same way as other identity stores in the Java EE Security API.
Usage
The Yubikey identity store is defined through the @YubikeyIdentityStoreDefinition annotation. Specifying this in a valid place as defined by the Security API will create the identity store. Often this may mean that any class is a valid position.
| This authentication mechanism currently supports cloud-based Yubikey authentication servers only. |
Configuration
The @YubikeyIdentityStoreDefinition annotation has several configuration attributes. These refer to the API access credentials from Yubico.
One of yubikeyAPIClientID, yubikeyAPIClientIDExpression or a MicroProfile Configuration settings is mandatory for the feature to work correctly.
|
| Option | Required | Description |
|---|---|---|
|
false |
The client identifier used to identify the application |
|
true |
The API key |
|
false |
The priority of the identity store |
|
false |
EL expression which overrides the priority value |
|
false |
EL expression which overrides the yubikeyAPIClientID value |
These attributes can be overridden with MicroProfile configuration values:
-
payara.security.yubikey.apikeyoverridesyubikeyAPIKey -
payara.security.yubikey.clientidoverridesyubikeyAPIClientID -
payara.security.yubikey.identitystore.priorityoverridespriority