mod_ssl can stuff the information about the mTLS information into server environment variables. If you are using mod_wsgi you should be able to retrieve those. mod_ssl will validate the certificate is valid, and place the information (such as subject name) in the environment and you can use that in your Pyramid application by pulling it out of the environ.
See https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#envvars for more information. You can then write a Pyramid authentication provider that validates the information in the environment.

> On Nov 15, 2023, at 11:06, Thierry Florac <[email protected]> wrote:
>
> Hi Theron,
>
> I'm not sure of the exact naming of this!
> The common idea behind it is just to use an SSL client certificate as a
> credential to authenticate an incoming request; this is generally used to
> authenticate a remote application more than a common user...
>
> Regards,
> Thierry
> --
> https://www.ulthar.net -- http://pyams.readthedocs.io
>
> On Wed, Nov 15, 2023 at 18:43, Theron Luhn <[email protected]> wrote:
>> I’m unsure what this “request credential” is. Are you talking about TLS
>> Mutual Auth?
>>
>> — Theron
>>
>>> On Nov 15, 2023, at 6:13 AM, Thierry Florac <[email protected]> wrote:
>>>
>>> Hi,
>>> My problem is probably quite simple: I would like to be able, in a Pyramid
>>> application, to create a custom security policy which could use an SSL
>>> client certificate as a request credential to handle authentication
>>> (authorized certificates being referenced in a database or stored in a
>>> specific server directory).
>>> This application is then supposed to be published via mod_wsgi in an Apache
>>> server located behind an HAProxy.
>>> I tried to search here and there but didn't find any information about
>>> this...
>>> Any hint?
>>>
>>> Best regards,
>>> Thierry
>>> --
>>> https://www.ulthar.net -- http://pyams.readthedocs.io
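
The approach described in the reply at the top of this thread, as an added example that is not code from any of the posters or from the Pyramid project: a security policy that trusts only what mod_ssl placed in the WSGI environ. It assumes TLS is terminated by Apache's mod_ssl itself (so the variables exist at all), with `SSLVerifyClient require` and `SSLOptions +StdEnvVars`; `AUTHORIZED_CERTS`, `identity_from_environ` and `ClientCertSecurityPolicy` are hypothetical names, and keying the allowlist on issuer DN plus serial is one choice among several.

```python
"""Added example: client-certificate identity from mod_ssl variables."""

# Constructed allowlist: (issuer DN, serial in hex) -> application userid.
# Stands in for the database of authorized certificates from the question.
# The DN must be stored exactly as mod_ssl formats it on your server.
AUTHORIZED_CERTS = {
    ("CN=Example Internal CA,O=Example", "0A1B2C"): "billing-service",
}


def identity_from_environ(environ, authorized=AUTHORIZED_CERTS):
    """Return the userid bound to a verified, allow-listed cert, else None."""
    # SSL_CLIENT_VERIFY is NONE, SUCCESS, GENEROUS or FAILED:reason.
    # Only SUCCESS means mod_ssl validated the chain against its CA set.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    issuer = environ.get("SSL_CLIENT_I_DN")
    serial = environ.get("SSL_CLIENT_M_SERIAL")
    if not issuer or not serial:
        return None
    return authorized.get((issuer, serial.upper()))


class ClientCertSecurityPolicy:
    """Pyramid 2.x style security policy (hypothetical class name)."""

    def __init__(self, authorized=AUTHORIZED_CERTS):
        self.authorized = authorized

    def identity(self, request):
        # Request headers arrive as HTTP_* keys in the WSGI environ, so a
        # client-sent "SSL_CLIENT_VERIFY" header never lands on these keys.
        return identity_from_environ(request.environ, self.authorized)

    def authenticated_userid(self, request):
        return self.identity(request)

    def permits(self, request, context, permission):
        # Simplification: every allow-listed certificate gets every permission.
        from pyramid.security import Allowed, Denied  # needs Pyramid installed
        if self.identity(request) is None:
            return Denied("no verified, allow-listed client certificate")
        return Allowed("client certificate is allow-listed")

    def remember(self, request, userid, **kw):
        return []  # nothing to persist: the cert is presented on each connection

    def forget(self, request, **kw):
        return []
```

In a Pyramid 2.x application the policy would be registered with `config.set_security_policy(ClientCertSecurityPolicy())`.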
