Amit,
A "self" was missing this should work:
class MyX509Auth(X509Auth):
def get_user(self):
self.subject.surname = <put something here >
X509Auth.get_user(self)
auth.settings.login_form = MyX509Auth()
2012/11/7 Michele Comitini <michele.comit...@gmail.com>
> Amit,
>
> in your model call the derived class
>
> auth.settings.login_form = MyX509Auth()
>
>
>
> 2012/11/7 Michele Comitini <michele.comit...@gmail.com>
>
>> simpatiCA makes the client certificates already with needed fields.
>> Since you use openssl directly you can set all the fields you need in the
>> certificates by changing openssl.cnf in your openssl installation.
>> There is plenty of documentation on that.
>>
>> OR you can extend the class X509Auth to fit your needs by overriding
>> get_user()
>>
>>
>> class MyX509Auth(X509Auth):
>> def get_user():
>> self.subject.surname = <put something here >
>> X509Auth.get_user(self)
>>
>>
>> mic
>>
>>
>>
>> 2012/11/7 Amit <amit.khaw...@gmail.com>
>>
>>> Hi,
>>> I filled the email address in the certificate but what I think is
>>> problem with surname , please check below the log:
>>>
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
>>> get_user at line 91* code arguments variables
>>> Function argument list
>>>
>>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>> Code listing
>>>
>>> 86.
>>> 87.
>>> 88.
>>> 89.
>>> 90.
>>> 91.
>>>
>>> 92.
>>> 93.
>>> 94.
>>> 95.
>>>
>>>
>>> p = profile = dict()
>>>
>>> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>> self.subject.CN or self.subject.commonName)
>>>
>>>
>>>
>>> p['first_name'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.givenName or username)
>>>
>>>
>>> p['last_name'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.surname)
>>>
>>>
>>>
>>> p['email'] = reduce(lambda a,b: '%s | %s' %
>>> (a,b),self.subject.Email or self.subject.emailAddress)
>>>
>>>
>>>
>>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>> p['registration_id'] = self.serial
>>>
>>> Variables
>>> a undefined b undefined builtinreduce <built-in function reduce>
>>> self.subject.surname [] self
>>> <gluon.contrib.login_methods.x509_auth.X509Auth
>>> object> self.subject <Storage {'Email': ['amit1.khaw...@gmail.com'],
>>> ...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p {'first_name':
>>> 'A | m | i | t | 1 | | K | h | a | w | a | r | e', 'username': 'Amit1
>>> Khaware'}
>>>
>>> And while generating the certificates it is not asking about surname,
>>> it's asking below information:
>>>
>>> Country Name (2 letter code) [US]:
>>> State or Province Name (full name) [CA]:
>>> Locality Name (eg, city) [San Diego]:
>>> Organization Name (eg, company) [Cafesoft LLC]:
>>> Organizational Unit Name (eg, section) []:
>>> Common Name (eg, YOUR name) []:*Cafesoft CA*
>>> Email Address [c...@cafenet.com]:
>>>
>>> Please enter the following 'extra' attributes
>>> to be sent with your certificate request
>>> A challenge password []:*password*
>>> An optional company name []:
>>>
>>>
>>> please check the link :
>>>
>>>
>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>
>>> So x509_auth.py expects surname but above link doesn't provide option
>>> to fill surname :(
>>>
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Nov 6, 2012 at 8:34 PM, Michele Comitini <
>>> michele.comit...@gmail.com> wrote:
>>>
>>>> self.subject.Email is [] i.e. an empty list. Check if that is the
>>>> problem.
>>>>
>>>> mic
>>>> Il giorno 06/nov/2012 14:32, "Amit" <amit.khaw...@gmail.com> ha
>>>> scritto:
>>>>
>>>>> I have used below link to generate server certificates, client
>>>>> certificates and CA certificates, imported client and CA certificates to
>>>>> Mozilla Firefox browser and then deploy server certificates and CA
>>>>> certificate to the Rocket server :
>>>>>
>>>>> D:\web2py2.1.1\web2py>web2py.py -a password -i 127.0.0.1 -p 8000 -c
>>>>> C:\OpenSSL-Win32\bin\cirrusAwareCA\server\certificates\server.test.com.crt
>>>>> -k C:\OpenSSL-Win32\bin\cirrusAwareCA\server\keys\server.test.com.key
>>>>> --ca-cert=C:\OpenSSL-Win32\bin\cirrusAwareCA\CA\cirrusAwareCA.crt
>>>>>
>>>>> Then Open browser type https://127.0.0.1:8000/MyApp/default/index
>>>>>
>>>>> Now its giving error:
>>>>> <type 'exceptions.TypeError'> reduce() of empty sequence with no
>>>>> initial value Error snapshot [image: help]
>>>>>
>>>>> <type 'exceptions.TypeError'>(reduce() of empty sequence with no
>>>>> initial value)
>>>>>
>>>>> inspect attributes
>>>>> Frames
>>>>>
>>>>> -
>>>>>
>>>>> *File D:\web2py2.1.1\web2py\gluon\restricted.py in restricted at
>>>>> line 209* code arguments variables
>>>>> -
>>>>>
>>>>> *File
>>>>>
>>>>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>>>> in <module> at line 76* code arguments variables
>>>>> -
>>>>>
>>>>> *File D:\web2py2.1.1\web2py\gluon\globals.py in <lambda> at line
>>>>> 187* code arguments variables
>>>>> -
>>>>>
>>>>> *File
>>>>>
>>>>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>>>> in user at line 38* code arguments variables
>>>>> Code listing
>>>>>
>>>>> 33.
>>>>> 34.
>>>>> 35.
>>>>> 36.
>>>>> 37.
>>>>> 38.
>>>>>
>>>>> 39.
>>>>> 40.
>>>>> 41.
>>>>> 42.
>>>>>
>>>>> use @auth.requires_login()
>>>>> @auth.requires_membership('group name')
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> @auth.requires_permission('read','table name',record_id)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> to decorate functions that need access control
>>>>> """
>>>>> return dict(form=auth())
>>>>>
>>>>>
>>>>>
>>>>> def download():
>>>>> """
>>>>>
>>>>> -
>>>>>
>>>>> *File D:\web2py2.1.1\web2py\gluon\tools.py in __call__ at line 1205
>>>>> * code arguments variables
>>>>> -
>>>>>
>>>>> *File D:\web2py2.1.1\web2py\gluon\tools.py in login at line 2016*
>>>>> code arguments variables
>>>>> -
>>>>>
>>>>> *File
>>>>> D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
>>>>> get_user
>>>>> at line 91* code arguments variables
>>>>> Function argument list
>>>>>
>>>>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>>>> Code listing
>>>>>
>>>>> 86.
>>>>> 87.
>>>>> 88.
>>>>> 89.
>>>>> 90.
>>>>> 91.
>>>>>
>>>>> 92.
>>>>> 93.
>>>>> 94.
>>>>> 95.
>>>>>
>>>>>
>>>>> p = profile = dict()
>>>>>
>>>>> username = p['username'] = reduce(lambda a,b: '%s | %s' %
>>>>> (a,b), self.subject.CN or self.subject.commonName)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> p['first_name'] = reduce(lambda a,b: '%s | %s' %
>>>>> (a,b),self.subject.givenName or username)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> p['last_name'] = reduce(lambda a,b: '%s | %s' %
>>>>> (a,b),self.subject.surname)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> p['email'] = reduce(lambda a,b: '%s | %s' %
>>>>> (a,b),self.subject.Email or self.subject.emailAddress)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>>>> p['registration_id'] = self.serial
>>>>>
>>>>> Variables a undefined b undefined builtinreduce <built-in
>>>>> function reduce> self.subject.surname [] self
>>>>> <gluon.contrib.login_methods.x509_auth.X509Auth
>>>>> object> self.subject <Storage {'Email': [], 'C': ['IN'],
>>>>> 'serialNumbe...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p
>>>>> {'first_name':
>>>>> 'A | m | i | t', 'username': 'Amit'}
>>>>>
>>>>>
>>>>> Regards,
>>>>> Amit
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Nov 6, 2012 at 6:42 PM, Michele Comitini <
>>>>> michele.comit...@gmail.com> wrote:
>>>>>
>>>>>> https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
>>>>>>
>>>>>> The log seems to say that your certificate file is not there, or not
>>>>>> accessible
>>>>>>
>>>>>> mic
>>>>>>
>>>>>>
>>>>>> 2012/11/6 Amit <amit.khaw...@gmail.com>
>>>>>>
>>>>>>> I am using Python 2.7.2.
>>>>>>>
>>>>>>> On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini <
>>>>>>> michele.comit...@gmail.com> wrote:
>>>>>>>
>>>>>>>> What is your python version?
>>>>>>>>
>>>>>>>>
>>>>>>>> 2012/11/6 Amit <amit.khaw...@gmail.com>
>>>>>>>>
>>>>>>>>> Hi Michele,
>>>>>>>>> I used Simpatica to generates the certificates but failed to
>>>>>>>>> deploy to the web2py server, please check once the first mail in this
>>>>>>>>> mail
>>>>>>>>> chain where I explained the problem in details.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Amit
>>>>>>>>>
>>>>>>>>> On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini <
>>>>>>>>> michele.comit...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
>>>>>>>>>> Basically you can extract anything from client supplied cert and
>>>>>>>>>> use it
>>>>>>>>>> with the auth tables of web2py. That is really simple.
>>>>>>>>>> The tedious part id getting to know what stuff you can put in the
>>>>>>>>>> cert. That is more related to managing a CA than to web2py itself.
>>>>>>>>>>
>>>>>>>>>> I have written a simple but functional app for managing a little
>>>>>>>>>> CA: simpatiCA <http://goo.gl/nrAhS> ; it is simple enough to be
>>>>>>>>>> used as an example and extended to your needs. If you need a real
>>>>>>>>>> CA there
>>>>>>>>>> are more featured solutions around...
>>>>>>>>>>
>>>>>>>>>> mic
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> > PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>>> your it's documented how it works but not how to organize the certs
>>>>>>>>>> (which
>>>>>>>>>> in > theory you should know in advance)
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2012/11/6 Niphlod <niph...@gmail.com>
>>>>>>>>>>
>>>>>>>>>>> hem... one thing is helping you to create certs and key for a
>>>>>>>>>>> SSL protected webserver, quite another to help you managing a
>>>>>>>>>>> credential
>>>>>>>>>>> store (I really don't have time for that).
>>>>>>>>>>> You have problems on finding out what OpenSSL is and want to
>>>>>>>>>>> manage X509 ? Really ?
>>>>>>>>>>> Maybe it's time to read some docs.
>>>>>>>>>>>
>>>>>>>>>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>>>> your it's documented how it works but not how to organize the certs
>>>>>>>>>>> (which
>>>>>>>>>>> in theory you should know in advance)
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>>
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>>
>>>
>>>
>>>
>>
>>
>
--
