Hi, thanks, but that's not what I thought of. Authorization via client certificate DOES already work if used from a web browser.
What I'd like to have is the owncloud client (windows or linux gui) to use a client certificate to authenticate to a server which allows connection only by a client certificate. This doesn't work yet unfortunately. -- Dr. Johannes Zellner <johan...@zellner.org> 2013/10/31 Mario Klug <ma...@klug.me> > ** > > > Sorry, this was a mistake. > > You'd have to check if $_SERVER['SSL_CLIENT_VERIFY'] says "SUCCESS". If > no certificate is available it's also there but the value is "NONE". > > Regards > Mario > > -----Ursprüngliche Nachricht----- > *Von:* Mario Klug <ma...@klug.me> > *Gesendet:* Don 31 Oktober 2013 08:05 > *An:* owncloud@kde.org > *Betreff:* AW: [Owncloud] oc with ssl client certificate > > > Hi Johannes, > I haven't tried it by myself but theoratically when using a client > certificate the apache webserver adds SSL_SERVER_I_DN_CN and > SSL_SERVER_I_DN_Email to the $_SERVER array. > > This makes it very easy to add a check if a certificate is available in > index.php. > > if(!isset($_SERVER['SSL_SERVER_I_DN_CN'])) { > > die('You must provide a valid client certificate!'); > } > > When anybody opens your owncloud without a certificate he will receive a > blank page which tells "You must provide a valid client certificate". > If the browser send this certificate the login should appear as usual. > > Hope this helps as workaround. > > Regards > Mario > > -----Ursprüngliche Nachricht----- > *Von:* Dr. Johannes Zellner <johan...@zellner.org> > *Gesendet:* Mit 30 Oktober 2013 22:49 > *An:* owncloud@kde.org > *Betreff:* Re: [Owncloud] oc with ssl client certificate > > Hi, > > thanks. > > *The interesting question from my (the client) perspective is: (how) did > you make it work on the server?* > * > * > It's as simple as having the client certificate to grant (and be required) > to access the web server. > Afterwards I've to log into owncloud as usual. > > So this is a two stage login process, which... > > 1. ...prevents anybody who doesn't have a valid client certificat to even > see the login page > 2. ...still allows to log into owncloud under different accounts, e.g. an > admin and a user account (if you have the certificate) > > This is perfectly what I like and what works inside a web browser. > In fact I wouldn't like the certificate to be linked to an owncloud > account as it wouldn't allow me to log in under different accounts any more. > I believe that this is a very common scenario that someone wishes to > double-protect a private owncloud server. > > so it would be nice to have client authentication working with the > owncloud clients. > > regards, > > -- > Johannes > > > 2013/10/30 Daniel Molkentin <dan...@owncloud.com> > >> Hi Johannes, >> >> Am 30.10.2013 um 17:03 schrieb Dr. Johannes Zellner: >> >> how do owncloud clients work when apache is configured with ssl client >> certificate authentification? >> >> >> Neither the desktop nor the mobile clients support certificate >> authentication at this point, see below for details. >> >> does the windows client work with a client certificate? >> >> >> The Desktop Client (which has the same codebase for all OSes), has >> https://github.com/owncloud/mirall/issues/69 filed for that. It's not >> yet scheduled for any release, but if you look at the bug report, someone >> has volunteered to look into it, although it's been a few weeks since I >> last heard of him. >> >> The interesting question from my (the client) perspective is: (how) did >> you make it work on the server? IMHO client certificates are only >> interesting if ownCloud automatically maps them to a user (as opposed to >> just being in front of http basic auth as a second layer), and afaik there >> is no user backend for the server that implements such functionality. >> >> does mounting via davfs2 on linux work with a client certificate? >> >> >> Haven't tested that yet myself. The man page indicates that it does. >> >> Cheers, >> Daniel >> >> -- >> www.owncloud.com - Your Data, Your Cloud, Your Way! >> >> ownCloud GmbH, GF: Markus Rex, Holger Dyroff >> Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg) >> >> >> _______________________________________________ >> Owncloud mailing list >> Owncloud@kde.org >> https://mail.kde.org/mailman/listinfo/owncloud >> >> > _______________________________________________ > > Owncloud mailing list > Owncloud@kde.org > https://mail.kde.org/mailman/listinfo/owncloud > > > _______________________________________________ > Owncloud mailing list > Owncloud@kde.org > https://mail.kde.org/mailman/listinfo/owncloud > >
_______________________________________________ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud