Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-12 Thread Niphlod
not everyone needs client certificates, so of course the default config needs tuning. AFAIK (@michele can chime in any time, he's the original author) what is needed are a few environmental variables passed along, such as SSL_CLIENT_CERT, SSL_CLIENT_RAW_CERT, SSL_CLIENT_VERIFY, SSL_CLIENT_SERIAL

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-12 Thread LoveWeb2py
@dps - I agree comments should be added. I'll put together a detailed description of the configuration changes I had to make and the modification needed in x509 auth to get it to work. -Austin On Wednesday, March 11, 2015 at 1:56:58 PM UTC-4, Dave S wrote: On Wednesday, March 11, 2015 at

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-12 Thread LoveWeb2py
Any thoughts on how I could check to see if the user is a new user and if they are to mark their account as pending (as if I was using the old form of auth). However, pending doesn't seem to work when using x509 auth. I wanted to use the book class:

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-12 Thread Michele Comitini
You can do another check and raise HTTP(404, 'Pending registration') if the user is pending just after that code you already put in place 2015-03-12 16:53 GMT+01:00 LoveWeb2py atayloru...@gmail.com: Any thoughts on how I could check to see if the user is a new user and if they are to mark

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-12 Thread Michele Comitini
@Austin, did you try to set CGI/WSGI variables by using SetEnv and PassEnv directives inside your apache configuration? IMHO that would make things cleaner than modifying the x509 module. mic 2015-03-12 15:10 GMT+01:00 LoveWeb2py atayloru...@gmail.com: @dps - I agree comments should be

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread Dave S
On Wednesday, March 11, 2015 at 6:50:28 AM UTC-7, mcm wrote: If you do not have the email you can use the registration_id and username fields. Most details are on the book: http://web2py.com/books/default/chapter/29/09/access-control Would it be appropriate to add some of the comments

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread LoveWeb2py
Those are exactly the two I don't have so far from the list I saw in another post I have: SSL_CIPHER, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, SSL_CLIENT_VERIFY The following are not being passed (probably a problem with my ssl.conf): SSL_CLIENT_RAW_CERT, SSL_SESSION_ID, SSL_CLIENT_SERIAL Almost

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread Michele Comitini
You can read any of the fields a certificate contains eventually. see here for some ideas: https://code.google.com/p/simpatica/ It's a working PKI that allows to generate csr and sign them with a valid signin certificate 2015-03-11 13:48 GMT+01:00 LoveWeb2py atayloru...@gmail.com: Once

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread LoveWeb2py
Also make sure to have these settings in your virtualhost:

    SSLEngine On
    SSLOptions +stdEnvVars

To verify the variables are being passed properly look at {{=request.env}} in a view and look for SSL variables. On Wednesday, March 11, 2015 at 8:22:15 AM UTC-4, LoveWeb2py wrote: Thank you so much

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread LoveWeb2py
Once authentication happens how can I make them members of groups? I notice now they don't have an entry in Auth user. Should I have them register first and once they're registered they can use PKI authentication? This is uncharted waters for me so I'm trying to figure out the best approach for

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread Michele Comitini
I am glad someone is using x509 Auth, it is a very simple way to handle user security. One important piece of the puzzle (with apache) is:

    SSLVerifyClient optional

The optional allows one to accept any user on the website, while having some web2py actions require a valid user certificate just

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread LoveWeb2py
Thank you so much for posting and for x509 auth. I got it working. For anyone who finds this. If you're using apache you need to change line 33 in x509_auth.py from self.ssl_client_raw_cert = self.request.env.ssl_client_cert It's the same cert that gets decoded by X509.FORMAT_PEM, but I

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-11 Thread Michele Comitini
If you do not have the email you can use the registration_id and username fields. Most details are on the book: http://web2py.com/books/default/chapter/29/09/access-control 2015-03-11 14:08 GMT+01:00 Michele Comitini michele.comit...@gmail.com: You can read any of the fields a certificate

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
The main problem is that when I set auth.settings.login_form = X509Auth() as specified in the book I get the error: Login not allowed. No valid x509 credentials. My httpd.conf is exactly out of the book as specified for mod_wsgi

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
*httpd* - Apache Hypertext Transfer Protocol Server my httpd.conf has the certificates and is serving https out properly, I just can't seem to read the user certificates when they visit the site. On Tuesday, March 10, 2015 at 3:36:53 PM UTC-4, Richard wrote: This works out of the box with

[web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
Just the basic stuff like first name and last name. But when I try to login using the x509 tutorial in the book I am getting Login not allowed. No valid x509 credentials. This tells me that my certificate isn't being read properly by web2py or I'm not passing the variables through uwsgi

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
Is M2Crypto in my wsgi handler? I have the module installed if that's what you mean. On Tuesday, March 10, 2015 at 3:35:17 PM UTC-4, Richard wrote: Is M2Crypto there?? Basic, but you know... On Tue, Mar 10, 2015 at 3:18 PM, LoveWeb2py atayl...@gmail.com wrote: Just the

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread Richard Vézina
Is M2Crypto there?? Basic, but you know... On Tue, Mar 10, 2015 at 3:18 PM, LoveWeb2py atayloru...@gmail.com wrote: Just the basic stuff like first name and last name. But when I try to login using the x509 tutorial in the book I am getting Login not allowed. No valid x509 credentials. This

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread Richard Vézina
This works out of the box with Rocket (the web2py built-in web server) but you may need some extra configuration work on the web server side if you are using a different web server. In particular you need to tell your web server where the certificates are located on local host and that it needs to

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
Thanks Niphlod, I had SSLOptions +stdEnvVars setup, but still no luck. I think that's definitely the problem though (Maybe I'm misplacing them) Hopefully Michele can chime in. On Tuesday, March 10, 2015 at 5:12:44 PM UTC-4, Niphlod wrote: not everyone needs client certificates, so of course

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread LoveWeb2py
so I did {{=request.env}} and I can see the SSL DATA certificate in another app, but for some reason the app that requires the data isn't being passed. Going to keep troubleshooting that app because I really want to use the x509 authentication with web2py!! for some reason the x509 auth isn't

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread Niphlod
what if you return somewhere this dict (takes the SSL* env variables and prints it)

    def yourcode():
        .
        debug_values = {}
        for k, v in request.env.iteritems():
            if k.lower().startswith('ssl'):
                debug_values[k] = v
        .
        return dict(.,

Re: [web2py] Re: PKI Authentication? How to grab users certificates httpd wsgi

2015-03-10 Thread Niphlod
debug it, debug it, debug it. AFAICS, x509_auth.py requires: ssl_client_raw_cert optional ssl_client_serial On Wednesday, March 11, 2015 at 12:04:51 AM UTC+1, LoveWeb2py wrote: so I did {{=request.env}} and I can see the SSL DATA certificate in another app, but for some reason the app that