[Moin-user] Question of auto create user profile via SSL client certification authentication

Tue, 03 Nov 2009 08:14:08 -0800 

Dear All,

I met some problems with Moin configuration about SSL authentication.
I have self-signed certificates for my wiki server and users.
Now I would like to use certificates to do authentication. Here is my
reference: http://moinmo.in/HelpOnAuthentication
As the section "SSL client certification authentication" said, I can use
"autocreate" parameter to create user profile automatically once users pass
SSL check.
But it does not work in my wiki server. Could you help me to check my
configuration if something wrong? Thanks a lot.

Add two lines at wikiconfig.py:
    from MoinMoin.auth.sslclientcert import SSLClientCertAuth
    auth = [SSLClientCertAuth(autocreate=['True'])]

At http.conf, I did the following configuration:
    Alias /moin_static184/ "/var/www/mywiki/htdocs/"
    WSGIScriptAlias /mywiki /var/www/mywiki/moin.wsgi
    WSGIDaemonProcess mywiki user=apache group=apache processes=5 threads=10
maximum-requests=1000 umask=0007
    WSGIProcessGroup mywiki
    WSGIPassAuthorization On

    <Location /mywiki>
        SetHandler python-program
        # Add the path of your wiki directory
        PythonPath "['/var/www/mywiki',
'/usr/local/lib/python2.4/site-packages'] + sys.path"
        PythonHandler MoinMoin.request.request_modpython::Request.run
        SSLVerifyClient require
        SSLUserName SSL_CLIENT_S_DN
        SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
                 and %{SSL_CLIENT_S_DN_OU} in {"GRID"})
    </Location>

I can access my wiki page with security http and see my DN shown in the
ssl_sccess.log. But the user profile can not be created automatically.
Any idea about this? Thanks a lot.

All the Best.
Jhen-Wei Huang

-- 
OPS Team, ASGC
Tel:  +886-2-2789-8311
Fax: +886-2-2783-7653

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Moin-user mailing list
Moin-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/moin-user

Reply via email to