5.2.6. xgt.TrustedProxyAuth¶
- class xgt.TrustedProxyAuth(ssl_root_dir=None, ssl_server_cert=None, ssl_proxy_cert=None, ssl_proxy_key=None, userid=None)¶
PKI-based authentication through a trusted proxy. User ID is passed by the trusted proxy. Automatically enables mutual TLS for connecting to the server.
Added in version 2.3.0.
- Parameters:
ssl_root_dir (str) – Path to the root folder for ssl certificates and private keys. Defaults to the user’s home directory.
ssl_server_cert (str) – File containing the certificate chain that validates the server’s certificate. Defaults to ssl_root_dir + ‘/certs/ca-chain.cert.pem’.
ssl_proxy_cert (str) – File containing the proxy’s certificate.
ssl_proxy_key (str) – File containing the proxy’s key.
userid (str) – User ID coming from the trusted proxy. The gRPC connection will be done under the proxy’s certificate identity, but the logical xGT connection will correspond to this user ID.
Methods
__init__([ssl_root_dir, ssl_server_cert, ...])Constructor for PKIAuth.
Attributes
The location of the file with the client's certificate.
The location of the file with the client's key.
The location of the file with the proxy's certificate.
The location of the file with the proxy's key.
The SSL certificate directory.
The location of the file with the certificate chain validating the server certificate.
The user ID provided by the proxy.
- property ssl_client_cert: str¶
The location of the file with the client’s certificate.
- Type:
str
- property ssl_client_key: str¶
The location of the file with the client’s key.
- Type:
str
- property ssl_proxy_cert: str¶
The location of the file with the proxy’s certificate.
- Type:
str
- property ssl_proxy_key: str¶
The location of the file with the proxy’s key.
- Type:
str
- property ssl_root_dir: str¶
The SSL certificate directory.
- Type:
str
- property ssl_server_cert: str¶
The location of the file with the certificate chain validating the server certificate.
- Type:
str
- property userid: str¶
The user ID provided by the proxy.
- Type:
str