Amit,

A "self" was missing, this should work:

    from gluon.contrib.login_methods.x509_auth import X509Auth

    class MyX509Auth(X509Auth):
        def get_user(self):
            # Subject attributes are lists of values, so assign a non-empty list.
            self.subject.surname = ['<put something here>']
            # Return the profile built by the base class.
            return X509Auth.get_user(self)

    auth.settings.login_form = MyX509Auth()

2012/11/7 Michele Comitini <michele.comit...@gmail.com>

> Amit,
>
> in your model call the derived class
>
> auth.settings.login_form = MyX509Auth()
>
> 2012/11/7 Michele Comitini <michele.comit...@gmail.com>
>
>> simpatiCA makes the client certificates already with needed fields.
>> Since you use openssl directly you can set all the fields you need in the
>> certificates by changing openssl.cnf in your openssl installation.
>> There is plenty of documentation on that.
>>
>> OR you can extend the class X509Auth to fit your needs by overriding
>> get_user()
>>
>> class MyX509Auth(X509Auth):
>>     def get_user():
>>         self.subject.surname = <put something here >
>>         X509Auth.get_user(self)
>>
>> mic
>>
>> 2012/11/7 Amit <amit.khaw...@gmail.com>
>>
>>> Hi,
>>> I filled the email address in the certificate but what I think is
>>> problem with surname, please check below the log:
>>>
>>> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
>>> get_user at line 91*
>>> Function argument list
>>>
>>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>> Code listing
>>>
>>> p = profile = dict()
>>> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>     self.subject.CN or self.subject.commonName)
>>> p['first_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>     self.subject.givenName or username)
>>> p['last_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>     self.subject.surname)
>>> p['email'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>     self.subject.Email or self.subject.emailAddress)
>>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>> p['registration_id'] = self.serial
>>>
>>> Variables
>>> a undefined
>>> b undefined
>>> builtinreduce <built-in function reduce>
>>> self.subject.surname []
>>> self <gluon.contrib.login_methods.x509_auth.X509Auth object>
>>> self.subject <Storage {'Email': ['amit1.khaw...@gmail.com'], ...SG'], 'organizationUnitName': ['HSG'], 'SN': []}>
>>> p {'first_name': 'A | m | i | t | 1 | | K | h | a | w | a | r | e', 'username': 'Amit1 Khaware'}
>>>
>>> And while generating the certificates it is not asking about surname,
>>> it's asking below information:
>>>
>>> Country Name (2 letter code) [US]:
>>> State or Province Name (full name) [CA]:
>>> Locality Name (eg, city) [San Diego]:
>>> Organization Name (eg, company) [Cafesoft LLC]:
>>> Organizational Unit Name (eg, section) []:
>>> Common Name (eg, YOUR name) []:*Cafesoft CA*
>>> Email Address [c...@cafenet.com]:
>>>
>>> Please enter the following 'extra' attributes
>>> to be sent with your certificate request
>>> A challenge password []:*password*
>>> An optional company name []:
>>>
>>> please check the link:
>>>
>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>
>>> So x509_auth.py expects surname but above link doesn't provide option
>>> to fill surname :(
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>> On Tue, Nov 6, 2012 at 8:34 PM, Michele Comitini <michele.comit...@gmail.com> wrote:
>>>
>>>> self.subject.Email is [] i.e. an empty list. Check if that is the
>>>> problem.
>>>>
>>>> mic
>>>>
>>>> On 06/Nov/2012 14:32, "Amit" <amit.khaw...@gmail.com> wrote:
>>>>
>>>>> I have used below link to generate server certificates, client
>>>>> certificates and CA certificates, imported client and CA certificates to
>>>>> Mozilla Firefox browser and then deploy server certificates and CA
>>>>> certificate to the Rocket server:
>>>>>
>>>>> D:\web2py2.1.1\web2py>web2py.py -a password -i 127.0.0.1 -p 8000 -c
>>>>> C:\OpenSSL-Win32\bin\cirrusAwareCA\server\certificates\server.test.com.crt
>>>>> -k C:\OpenSSL-Win32\bin\cirrusAwareCA\server\keys\server.test.com.key
>>>>> --ca-cert=C:\OpenSSL-Win32\bin\cirrusAwareCA\CA\cirrusAwareCA.crt
>>>>>
>>>>> Then Open browser type https://127.0.0.1:8000/MyApp/default/index
>>>>>
>>>>> Now it's giving error:
>>>>> <type 'exceptions.TypeError'> reduce() of empty sequence with no
>>>>> initial value
>>>>>
>>>>> Error snapshot
>>>>>
>>>>> <type 'exceptions.TypeError'>(reduce() of empty sequence with no
>>>>> initial value)
>>>>>
>>>>> Frames
>>>>>
>>>>> - *File D:\web2py2.1.1\web2py\gluon\restricted.py in restricted at
>>>>>   line 209*
>>>>> - *File
>>>>>   D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>>>>   in <module> at line 76*
>>>>> - *File D:\web2py2.1.1\web2py\gluon\globals.py in <lambda> at line
>>>>>   187*
>>>>> - *File
>>>>>   D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>>>>>   in user at line 38*
>>>>> Code listing
>>>>>
>>>>>     use @auth.requires_login()
>>>>>         @auth.requires_membership('group name')
>>>>>         @auth.requires_permission('read','table name',record_id)
>>>>>     to decorate functions that need access control
>>>>>     """
>>>>>     return dict(form=auth())
>>>>>
>>>>> def download():
>>>>>     """
>>>>>
>>>>> - *File D:\web2py2.1.1\web2py\gluon\tools.py in __call__ at line 1205*
>>>>> - *File D:\web2py2.1.1\web2py\gluon\tools.py in login at line 2016*
>>>>> - *File
>>>>>   D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
>>>>>   get_user at line 91*
>>>>> Function argument list
>>>>>
>>>>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>>>> Code listing
>>>>>
>>>>> p = profile = dict()
>>>>> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>>     self.subject.CN or self.subject.commonName)
>>>>> p['first_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>>     self.subject.givenName or username)
>>>>> p['last_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>>     self.subject.surname)
>>>>> p['email'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>>     self.subject.Email or self.subject.emailAddress)
>>>>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>>>> p['registration_id'] = self.serial
>>>>>
>>>>> Variables
>>>>> a undefined
>>>>> b undefined
>>>>> builtinreduce <built-in function reduce>
>>>>> self.subject.surname []
>>>>> self <gluon.contrib.login_methods.x509_auth.X509Auth object>
>>>>> self.subject <Storage {'Email': [], 'C': ['IN'], 'serialNumbe...SG'], 'organizationUnitName': ['HSG'], 'SN': []}>
>>>>> p {'first_name': 'A | m | i | t', 'username': 'Amit'}
>>>>>
>>>>> Regards,
>>>>> Amit
>>>>>
>>>>> On Tue, Nov 6, 2012 at 6:42 PM, Michele Comitini <michele.comit...@gmail.com> wrote:
>>>>>
>>>>>> https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
>>>>>>
>>>>>> The log seems to say that your certificate file is not there, or not
>>>>>> accessible
>>>>>>
>>>>>> mic
>>>>>>
>>>>>> 2012/11/6 Amit <amit.khaw...@gmail.com>
>>>>>>
>>>>>>> I am using Python 2.7.2.
>>>>>>>
>>>>>>> On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini <michele.comit...@gmail.com> wrote:
>>>>>>>
>>>>>>>> What is your python version?
>>>>>>>>
>>>>>>>> 2012/11/6 Amit <amit.khaw...@gmail.com>
>>>>>>>>
>>>>>>>>> Hi Michele,
>>>>>>>>> I used Simpatica to generate the certificates but failed to
>>>>>>>>> deploy to the web2py server, please check once the first mail in this
>>>>>>>>> mail chain where I explained the problem in details.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Amit
>>>>>>>>>
>>>>>>>>> On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini <michele.comit...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
>>>>>>>>>> Basically you can extract anything from client supplied cert and
>>>>>>>>>> use it with the auth tables of web2py. That is really simple.
>>>>>>>>>> The tedious part is getting to know what stuff you can put in the
>>>>>>>>>> cert. That is more related to managing a CA than to web2py itself.
>>>>>>>>>>
>>>>>>>>>> I have written a simple but functional app for managing a little
>>>>>>>>>> CA: simpatiCA <http://goo.gl/nrAhS> ; it is simple enough to be
>>>>>>>>>> used as an example and extended to your needs. If you need a real
>>>>>>>>>> CA there are more featured solutions around...
>>>>>>>>>>
>>>>>>>>>> mic
>>>>>>>>>>
>>>>>>>>>> > PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>>> > you it's documented how it works but not how to organize the certs
>>>>>>>>>> > (which in theory you should know in advance)
>>>>>>>>>>
>>>>>>>>>> 2012/11/6 Niphlod <niph...@gmail.com>
>>>>>>>>>>
>>>>>>>>>>> hem... one thing is helping you to create certs and key for a
>>>>>>>>>>> SSL protected webserver, quite another to help you managing a
>>>>>>>>>>> credential store (I really don't have time for that).
>>>>>>>>>>> You have problems on finding out what OpenSSL is and want to
>>>>>>>>>>> manage X509 ? Really ?
>>>>>>>>>>> Maybe it's time to read some docs.
>>>>>>>>>>>
>>>>>>>>>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>>>>>>>>>
>>>>>>>>>>> PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>>>> you it's documented how it works but not how to organize the certs
>>>>>>>>>>> (which in theory you should know in advance)
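
The failure discussed in this thread, as an added example that is not web2py's code and not from any poster: `original_join` repeats the `reduce()` call from the quoted listing, and `profile_from_subject` is a hypothetical mapping that tolerates absent subject attributes. The helper names, the `SN` fallback for surname and the sample subject are assumptions constructed for illustration.

```python
from functools import reduce  # reduce is a builtin in the thread's Python 2.7

def original_join(values):
    """The join used in the quoted x509_auth.py listing, unchanged."""
    return reduce(lambda a, b: '%s | %s' % (a, b), values)

def join_values(values):
    """Join attribute values with ' | '; return None when nothing is usable."""
    if isinstance(values, str):      # a bare string would be joined per character
        values = [values]
    values = [v for v in (values or []) if v]
    return ' | '.join(values) if values else None

def first_present(subject, *names):
    """Return the joined value of the first attribute in names that is set."""
    for name in names:
        joined = join_values(subject.get(name))
        if joined is not None:
            return joined
    return None

def profile_from_subject(subject, serial):
    """Build the profile dict; only the identity fields are mandatory."""
    username = first_present(subject, 'CN', 'commonName')
    if username is None or not serial:
        # Refuse to map a certificate that cannot identify a user.
        raise ValueError('certificate lacks a common name or serial')
    return {
        'username': username,
        'first_name': first_present(subject, 'givenName') or username,
        # 'SN' as a fallback for surname is an assumption of this example.
        'last_name': first_present(subject, 'surname', 'SN') or '',
        'email': first_present(subject, 'Email', 'emailAddress') or '',
        'registration_id': serial,   # the listing keys users on the cert serial
    }

# Constructed subject shaped like the one in the ticket: no givenName, no surname.
SAMPLE_SUBJECT = {'CN': ['Amit1 Khaware'], 'Email': ['user@example.test'],
                  'givenName': [], 'surname': [], 'SN': []}

if __name__ == '__main__':
    print(original_join('Amit'))     # a string fallback is split per character
    try:
        original_join([])            # the empty surname list from the ticket
    except TypeError as exc:
        print('original:', exc)
    print(profile_from_subject(SAMPLE_SUBJECT, '01'))
```

The per-character result of `original_join('Amit')` is the same shape as the `first_name` value in the ticket's variables dump, where the `username` string was used because `givenName` was empty.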