I need to enable PIV authentication to a Python Flask server I am developing. After searching on the Internet I didn't find any example of this.
Here's the setup: We have Yubico Yubikeys 5, OpenSC installed on every computer, we can work with Firefox which can access the key with PKCS11.
I want the users to load a page on their browser from the python server and be prompted to enter their pin/press the key.
What do I have to do to trigger the login process with the YubiKey? How do I retrieve the certificate? Is it something I have to do in Python before returning the login page, or a special parameter? Or is it something I have to do in JS?
The Python Flask server currently has a login page with the classic username/password login method. It communicates with the domain's AD.
One way to do this is to run your python application via a web server like apache and use mod_ssl to terminate a TLS connection using client authentication, using the certificate on your YubiKey. See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
The client certificate can then be read from your Python application using an environment variable (SSL_CLIENT_CERT).
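As an added example (not part of the answer above), this is one way the application side of that setup could read the mod_ssl variables from the WSGI environ, which in Flask is `request.environ`. It assumes Apache runs the app through a WSGI module with `SSLOptions +StdEnvVars +ExportCertData`; the function names, the sample user and the CA name are hypothetical, and the sample environ is constructed.

```python
import base64
import hashlib
import ssl

# Assumed Apache side (real mod_ssl directives; paths and CA are site-specific):
#   SSLVerifyClient require
#   SSLCACertificateFile <bundle of the CA that issued the PIV certificates>
#   SSLOptions +StdEnvVars +ExportCertData


class ClientCertError(Exception):
    """The TLS layer did not vouch for a client certificate."""


def client_identity(environ):
    """Return identity facts from the mod_ssl variables in a WSGI environ.

    Only un-prefixed SSL_* keys are read. Headers sent by the browser arrive
    as HTTP_* keys, so a forged "SSL-Client-Verify" header cannot set them.
    """
    verify = environ.get("SSL_CLIENT_VERIFY", "NONE")
    if verify != "SUCCESS":  # other values: NONE, GENEROUS, FAILED:reason
        raise ClientCertError(f"client certificate not verified: {verify}")
    pem = environ.get("SSL_CLIENT_CERT", "")
    if not pem:
        raise ClientCertError("SSL_CLIENT_CERT missing (needs +ExportCertData)")
    der = ssl.PEM_cert_to_DER_cert(pem)
    return {
        "subject_dn": environ.get("SSL_CLIENT_S_DN", ""),
        "common_name": environ.get("SSL_CLIENT_S_DN_CN", ""),
        "issuer_dn": environ.get("SSL_CLIENT_I_DN", ""),
        # Fingerprint to pin or log; map subject/fingerprint to the AD account.
        "sha256": hashlib.sha256(der).hexdigest(),
    }


def sample_environ():
    """Constructed environ; the PEM body is placeholder bytes, not a real cert."""
    body = base64.b64encode(b"constructed placeholder, not a certificate").decode()
    return {
        "SSL_CLIENT_VERIFY": "SUCCESS",
        "SSL_CLIENT_S_DN": "CN=jdoe,OU=Users,DC=example,DC=test",
        "SSL_CLIENT_S_DN_CN": "jdoe",
        "SSL_CLIENT_I_DN": "CN=Example PIV CA,DC=example,DC=test",
        "SSL_CLIENT_CERT": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
    }


if __name__ == "__main__":
    print(client_identity(sample_environ()))
```

The PIN prompt and touch happen in the browser during the TLS handshake, so no JavaScript is involved; the application only sees the result in these variables.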