Hello, I would like to mix the authentication methods on Sunstone.
I created an X509 user[1] and the one* CLI are working with it. According to the documentation[2], I need to switch Sunstone to “x509”, but I thought that using “:auth: opennebula” permit to use whatever is configured for the user. I first try as explained in the documentation: - set “:auth: x509” in sunstone - install user certificate authority to “/etc/one/auth/certificates/” - configure my nginx as describe in attachement - install the user x509 certificate on my iceweasel 35.0.1 browser When I access Sunstone, my browser ask me to choose my certificate but I finish on login page with only a “Login” button plus the “Keep me logged in” checkbox. I should have miss some headers to add to my Requests. Any hints? Regards. Footnotes: [1] http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html [2] http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html#enabling-x509-auth-in-sunstone -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
# Opennebula Sunstone upstream sunstone { server 127.0.0.1:9869; } upstream onerpc { server 127.0.0.1:2633; } # Port 80 redirected to SSL server { listen 80; server_name nebula.example.net; location / { return 301 https://$host$request_uri?; } } # SSL reverse-proxy server { listen 443 default_server; listen [::]:443 default_server ipv6only=on; ssl on; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_client_certificate /etc/nginx/ssl/ca.crt; ssl_verify_client optional; root /usr/share/nginx/html; index index.html index.htm; server_name nebula.example.net; access_log /var/log/nginx/opennebula-sunstone-access.log; error_log /var/log/nginx/opennebula-sunstone-error.log; client_max_body_size 5G; location / { try_files $uri @sunstone; } location /RPC2 { include proxy_params; proxy_pass http://onerpc; } location @sunstone { include proxy_params; proxy_set_header SSL_CLIENT_S_DN $ssl_client_s_dn; proxy_set_header SSL_CLIENT_I_DN $ssl_client_i_dn; proxy_set_header SSH_CLIENT_VERIFY $ssl_client_verify; proxy_set_header SSH_CLIENT_CERT $ssl_client_cert; include ssl_parms; proxy_pass http://sunstone; } }
signature.asc
Description: PGP signature
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org