mod_ssl can stuff the information about the mTLS information into server
environment variables. If you are using mod_wsgi you should be able to retrieve
those. mod_ssl will validate the certificate is valid, and place the
information (such as subject name) in the environment and you can use
Hi Thierry,
You'll have to define a way to send the certificate through http/https
calls since I don't think there is a normalized way to do that.
Once you've defined that, the certificate can be retrieved server side
and validated like you would do with a bearer token for example.
Best
Hi Theron,
I'm not sure of the exact naming of this!
The common idea behind it is just to use an SSL client certificate as a
credential to authenticate an incoming request; this is generally used to
authenticate a remote application more than a common user...
Regards,
Thierry
--
I’m unsure what this “request credential” is. Are you talking about TLS Mutual
Auth?
— Theron
> On Nov 15, 2023, at 6:13 AM, Thierry Florac wrote:
>
> Hi,
> My problem is probably quite simple: I would like to be able, in a Pyramid
> application, to create a custom security policy which
Hi,
My problem is probably quite simple: I would like to be able, in a Pyramid
application, to create a custom security policy which could use an SSL
client certificate as a request credential to handle authentication
(authorized certificates being referenced in a database or stored in a
specific
Obrigado Michael!!
Com os melhores cumprimentos / Best regards / Cordialement / Saludos
cordiales
Oberdan Costa , PhD
oberdan.co...@ufp.edu.pt
Tele móvel : +55 98 98802 1333
https://orcid.org/-0002-2448-5247
https://www.linkedin.com/in/oberdan-costa-0807572/
Em ter., 14 de nov. de 2023 às