- Install M2Crypto.
- If you use Rocket, be sure to pass the --ca-cert option, or if you use
another server, configure the server to support client certificate
validation and to pass the needed SSL variables in the WSGI environment*.
- In your model put the following:

    from gluon.contrib.login_methods.x509_auth import X509Account
    auth.settings.actions_disabled=['register','change_password',
                                    'request_reset_password','profile']
    auth.settings.login_form = X509Account()


*For example, in an nginx + scgi setup, to pass environment variables add
the following in the ssl server stanza:

    scgi_param SSL_PROTOCOL $ssl_protocol;
    scgi_param HTTPS on;
    scgi_param SSL_CIPHER $ssl_cipher;
    scgi_param SSL_CLIENT_SERIAL $ssl_client_serial;
    scgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    scgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
    scgi_param SSL_SESSION_ID $ssl_session_id;
    scgi_param SSL_CLIENT_CERT $ssl_client_cert;
    scgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
    scgi_param SSL_CLIENT_VERIFY $ssl_client_verify;

mic



2012/7/19 Derek <sp1d...@gmail.com>:
> 1. Take a look at x509_auth.py for information on how to do that. It's only
> 102 lines, so don't be daunted.
> 2. Yes.
>
>
>
> On Tuesday, July 17, 2012 4:12:50 PM UTC-7, tiadobatima wrote:
>>
>> Hi guys,
>>
>> After reading the docs, searching through old posts, and scouring the net,
>> I'm hoping someone can enlighten me regarding x509 auth:
>>
>> 1- How to retrieve the subject contained in the x509 certificate
>> (serialNumber, commonName, etc). Any example code?
>> 2- Does the current implementation of x509 auth require any of the
>> auth_XXXX tables in the database for anything?
>>
>> Thanks!
>>
>>
>
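
Added example, not part of the original thread and not code from web2py's x509_auth.py: one way to read the certificate subject (question 1) from the SSL_CLIENT_* variables that the nginx stanza above passes to the application. The function names `parse_dn` and `client_subject` are hypothetical, the environment is assumed to be a plain dict of those variables, and the sample DNs are constructed.

```python
import re

def parse_dn(dn):
    """Parse a subject DN string into {attribute: [values]}.

    Accepts the slash-separated form (/C=US/O=Org/CN=alice) and the
    comma-separated form (CN=alice,O=Org,C=US) with backslash escapes.
    Multi-valued RDNs joined with '+' and hex escapes are not handled.
    """
    dn = dn.strip()
    if dn.startswith("/"):
        # Slash form: a '/' inside a value is ambiguous and will split.
        parts = [p for p in dn.split("/") if p]
    else:
        # Split on commas, keeping backslash-escaped characters together.
        parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    attrs = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed DN component: %r" % part)
        # Undo single-character backslash escapes such as '\,'.
        value = re.sub(r"\\(.)", r"\1", value.strip())
        attrs.setdefault(key.strip(), []).append(value)
    return attrs

def client_subject(environ):
    """Return the parsed subject, or None unless the server verified the cert.

    SSL_CLIENT_VERIFY is "SUCCESS" only when nginx validated the client
    certificate; "NONE" or "FAILED:..." must never yield an identity.
    """
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    dn = environ.get("SSL_CLIENT_S_DN")
    return parse_dn(dn) if dn else None

if __name__ == "__main__":
    # Constructed sample environment, not captured from a real server.
    env = {
        "SSL_CLIENT_VERIFY": "SUCCESS",
        "SSL_CLIENT_S_DN": r"CN=Doe\, Jane,serialNumber=42,O=Example Org,C=US",
    }
    subject = client_subject(env)
    print(subject["CN"][0], subject["serialNumber"][0])
```

The subject is returned only when SSL_CLIENT_VERIFY is SUCCESS, so an unverified or missing certificate never produces a username.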
