Once authentication happens, how can I make them members of groups? I notice 
now they don't have an entry in Auth user. Should I have them register 
first, and once they're registered they can use PKI authentication? This is 
uncharted waters for me, so I'm trying to figure out the best approach for 
it.

On Wednesday, March 11, 2015 at 8:05:48 AM UTC-4, mcm wrote:
>
> I am glad someone is using x509 Auth, it is a very simple way to handle 
> user security.
>
> One important piece of the puzzle (with apache) is:
>
> SSLVerifyClient optional
>
> The optional allows one to accept any user on the website, while having 
> some web2py actions require a valid user certificate
> just by adding the standard @auth.requires_login()
>
>  ## Client Authentication (Type):
>         # Client certificate verification type and depth. Types are none, optional,
>         # require and optional_no_ca. Depth is a number which specifies how deeply
>         # to verify the certificate issuer chain before deciding the certificate is
>         # not valid.
>         #SSLVerifyClient require
>         #SSLVerifyDepth  10
>
>
> 2015-03-11 12:27 GMT+01:00 LoveWeb2py <atayl...@gmail.com>:
>
>> Those are exactly the two I don't have so far from the list I saw in 
>> another post I have:
>>
>> SSL_CIPHER, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, SSL_CLIENT_VERIFY
>>
>> The following are not being passed (probably a problem with my ssl.conf):
>> SSL_CLIENT_RAW_CERT, SSL_SESSION_ID, SSL_CLIENT_SERIAL
>>
>> Almost there! :) I'll post the fix when I find it
>>
>>
>> On Tuesday, March 10, 2015 at 7:56:45 PM UTC-4, Niphlod wrote:
>>>
>>> debug it, debug it, debug it.
>>>
>>> AFAICS, x509_auth.py requires:
>>>
>>> ssl_client_raw_cert
>>> optional ssl_client_serial
>>>
>>> On Wednesday, March 11, 2015 at 12:04:51 AM UTC+1, LoveWeb2py wrote:
>>>>
>>>> so I did {{=request.env}} and I can see the SSL DATA certificate in 
>>>> another app, but for some reason the app that requires the data isn't 
>>>> being passed. Going to keep troubleshooting that app because I really 
>>>> want to use the x509 authentication with web2py!!
>>>>
>>>> for some reason the x509 auth isn't working still. Going to keep 
>>>> pressing and will post a fix when I find it. Thank you so much for your 
>>>> help Niphlod. I hope this helps others in the future!
>>>>
>>>>
>>>>
>>>> On Tuesday, March 10, 2015 at 6:40:29 PM UTC-4, Niphlod wrote:
>>>>>
>>>>> what if you return somewhere this dict (takes the "SSL*" env variables 
>>>>> and prints it) 
>>>>>
>>>>> def yourcode():
>>>>>     # ... your existing action code ...
>>>>>     # collect every "SSL*" variable the web server passed to web2py
>>>>>     debug_values = {}
>>>>>     for k, v in request.env.items():
>>>>>         if k.lower().startswith('ssl'):
>>>>>             debug_values[k] = v
>>>>>     # ... add your other return values to this dict ...
>>>>>     return dict(debug_values=debug_values)
>>>>>
>>>>> just to see if those get indeed passed along.
>>>>>
>>>>>  -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to web2py+un...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

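A redacting variant of the debug check discussed in the thread, added here as an illustration and not code from web2py or from any poster: it reports which of the variables the thread names as needed by x509_auth.py are missing and whether the web server reports a verified client certificate. The name `check_x509_env` and the sample values are assumptions constructed for this example.

```python
# Added example: variable names come from the thread; sample values are constructed.
REQUIRED = ("ssl_client_raw_cert",)   # named in the thread as required by x509_auth.py
OPTIONAL = ("ssl_client_serial",)     # named in the thread as optional


def check_x509_env(env):
    """Summarise the SSL* variables of a request environment without echoing them."""
    # Compare case-insensitively, as the debug snippet in the thread does.
    ssl_vars = {k.lower(): v for k, v in env.items() if k.lower().startswith("ssl")}
    verify = ssl_vars.get("ssl_client_verify", "NONE")
    return {
        # Report names and lengths only, so certificates and session ids
        # never end up rendered in a page or written to a log.
        "present": {k: len(str(v)) for k, v in sorted(ssl_vars.items())},
        "missing_required": [k for k in REQUIRED if not ssl_vars.get(k)],
        "missing_optional": [k for k in OPTIONAL if not ssl_vars.get(k)],
        # With "SSLVerifyClient optional" a request without a certificate still
        # reaches the application, so only SUCCESS is treated as verified here.
        "verified": verify == "SUCCESS",
        "verify_status": verify,
    }


# Constructed sample matching the state described in the thread:
# four SSL variables arrive, the raw certificate and serial do not.
SAMPLE_ENV = {
    "SSL_CIPHER": "ECDHE-RSA-AES256-GCM-SHA384",
    "SSL_CLIENT_I_DN": "CN=Example CA,O=Example",
    "SSL_CLIENT_CERT": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----",
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "HTTP_HOST": "app.example.test",
}

if __name__ == "__main__":
    for key, value in check_x509_env(SAMPLE_ENV).items():
        print(key, "=", value)
```

Inside a web2py action the function would be called with `request.env` in place of `SAMPLE_ENV`.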