Hi Mohamed,
> With that being said, it's not limited to HTTP basic auth, but I
> guess to any auth supported in Apache as long as environment variables
> are exposed so that these can be consumed by OpenXPKI yaml files.
That's correct, you can use any mod_authz compatible module (which is
Basic Auth) or also any module that exposes the authentication results
via the environment. This is exactly how to integrate with e.g. Microsoft
Azure AD via mod_auth_mellon or Google OIDC or even commercial vendors
that provide Apache modules like RSA Cleartrust.
best regards
Oliver
On 13.12.23 10:02, Mo Be wrote:
Me again,
With a little perseverance I managed to extract the missing
information from the code (or the docs, can't remember).
It's a two-step configuration:
1- And the easiest one, because it is found in the official docs in a very
clear way, that I recalled in the current thread: we need to create a
stack that references the NoAuth handler, and assign "REMOTE_USER"
(exposed Apache env) to the key "username" in the EST yaml file
2- The tricky part, I would say, because it is a little bit hidden:
it's the other EST configuration file (or the global config file),
which is actually where the stack is chosen (the newly created stack
that references the handler with the corresponding exposed Apache values
in this case).
With that being said, it's not limited to HTTP basic auth, but I guess
to any auth supported in Apache as long as environment variables are
exposed so that these can be consumed by OpenXPKI yaml files.
Mohamed
On Fri, 27 Oct 2023 at 13:24, Mo Be <mopra...@gmail.com> wrote:
Me again,
It's the Apache conf, at
*openxpki-config/contrib/apache2-openxpki-site.conf*, that needs
to be updated with the right code (to support basic authentication).
That code can easily be found in the Apache docs, or on the internet:
how to enable basic auth in Apache. (for the people who are not
familiar with Apache and Linux and whatsoever, like myself)
Though, I don't know how to consume the details such as the
username from Apache and use it in the workflow.
Current state:
I send a curl authenticated with basic auth, say bob.
But when I look at the catchall.log, I see user "Anonymous".
Even though I followed the docs and added the stack and handler,
it appears I'm still missing something.
My stack.yml looks like this,
I tried both with envkeys and without
_BasicAuth:
    handler: ExternalAuth
    type: client # looks like a label, not sure what type means in this context
    username: REMOTE_USER
    # envkeys:
    #     username: REMOTE_USER

And the handler:

ExternalAuth:
    type: NoAuth
    role: Anonynous
A little help on this?
Thank you
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
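
Added example (not part of the thread and not OpenXPKI code): a small Python model of the "username: REMOTE_USER" mapping discussed above. It shows why a request ends up without a user name when the web server does not export the variable, and why the mapped variable should be one the server sets itself rather than an HTTP_* variable copied from a request header. All function names and sample environments are assumptions made for this illustration.

```python
"""Model of mapping web-server environment variables to auth attributes.

Added illustration, not OpenXPKI code: names and sample data are assumptions.
"""

# Under the CGI convention, request headers reach the backend as HTTP_*
# variables, so their values are chosen by the client. REMOTE_USER is set
# by the web server itself after its auth module accepted the request.
CLIENT_CONTROLLED_PREFIX = "HTTP_"


class AuthError(Exception):
    """Raised when no trustworthy identity can be derived."""


def spoofable_keys(envkeys):
    """Return the attributes whose source variable a client can set."""
    return sorted(attr for attr, var in envkeys.items()
                  if var.upper().startswith(CLIENT_CONTROLLED_PREFIX))


def resolve_identity(environ, envkeys):
    """Fill auth attributes from the environment, failing closed."""
    bad = spoofable_keys(envkeys)
    if bad:
        raise AuthError("client-controlled source for: " + ", ".join(bad))
    identity = {}
    for attr, var in envkeys.items():
        value = environ.get(var, "").strip()
        if not value:
            # The server did not authenticate the request, or did not
            # export the result: refuse rather than continue anonymously.
            raise AuthError(f"{var} is not set, cannot fill {attr!r}")
        identity[attr] = value
    return identity


# Constructed sample data (not captured from a real server).
ENVKEYS = {"username": "REMOTE_USER"}           # mapping from the thread
AUTHENTICATED = {"REMOTE_USER": "bob", "AUTH_TYPE": "Basic"}
HEADER_ONLY = {"HTTP_REMOTE_USER": "bob"}       # header sent by a client

if __name__ == "__main__":
    print(resolve_identity(AUTHENTICATED, ENVKEYS))
    try:
        resolve_identity(HEADER_ONLY, ENVKEYS)
    except AuthError as exc:
        print("rejected:", exc)
```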