Re: [web2py] Re: x509 authentication

Fri, 20 Jul 2012 05:30:41 -0700 

Thanks guys!

I'm using nginx too, and I followed roughly the same steps but using uwsgi.
Michelle, I know you wrote the code, but I believe X509Account should be 
replaced with X509Auth, no?

    from gluon.contrib.login_methods.x509_auth import X509Auth 
    auth.settings.actions_disabled=['register','change_password', 
                                    'request_reset_password','profile'] 
    auth.settings.login_form = X509Autht() 

Cheers,
g.
On Thursday, 19 July 2012 13:27:30 UTC-7, Michele Comitini wrote:
>
> - Install M2Crypto. 
> - If you use rocket be sure to pass the --ca-cert option or if you use 
> another server configure the server to support client certificate 
> validation and to pass needed SSL variables in wsgi environment*. 
> -  In you model put the following: 
>
>     from gluon.contrib.login_methods.x509_auth import X509Account 
>     auth.settings.actions_disabled=['register','change_password', 
>                                     'request_reset_password','profile'] 
>     auth.settings.login_form = X509Account() 
>
>
> *for example in nginx + scgi setup to  pass environment variables add 
> the following in the ssl server stanza: 
>
>                          scgi_param SSL_PROTOCOL $ssl_protocol; 
>                          scgi_param HTTPS on; 
>                          scgi_param SSL_CIPHER $ssl_cipher; 
>                          scgi_param SSL_CLIENT_SERIAL $ssl_client_serial; 
>                          scgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; 
>                          scgi_param SSL_CLIENT_I_DN $ssl_client_i_dn; 
>                          scgi_param SSL_SESSION_ID $ssl_session_id; 
>                          scgi_param SSL_CLIENT_CERT $ssl_client_cert; 
>                          scgi_param SSL_CLIENT_RAW_CERT 
> $ssl_client_raw_cert; 
>                          scgi_param SSL_CLIENT_VERIFY $ssl_client_verify; 
>
> mic 
>
>
>
> 2012/7/19 Derek <xxxx...@gmail.com <sp1d...@gmail.com>>: 
> > 1. Take a look at x509_auth.py for information on how to do that. It's 
> only 
> > 102 lines, so don't be daunted. 
> > 2. Yes. 
> > 
> > 
> > 
> > On Tuesday, July 17, 2012 4:12:50 PM UTC-7, tiadobatima wrote: 
> >> 
> >> Hi guys, 
> >> 
> >> After reading the docs, searching through old posts, and scouring the 
> net, 
> >> I'm hoping someone can enlighten me regarding x509 auth: 
> >> 
> >> 1- How to retrieve the subject contained in the x509 certificate 
> >> (serialNumber, commonName, etc). Any example code? 
> >> 2- Does the current implementation of x509 auth require any of the 
> >> auth_XXXX tables in the database for anything? 
> >> 
> >> Thanks! 
> >> 
> >> 
> > -- 
> > 
> > 
> > 
>

--

Reply via email to