| Another example is that Envoy as a proxy supports adding the x-forwarded-client-cert header to your requests after it validates it.
- Michael mod_ssl can stuff the information about the mTLS information into server environment variables. If you are using mod_wsgi you should be able to retrieve those. mod_ssl will validate the certificate is valid, and place the information (such as subject name) in the environment and you can use that in your Pyramid application by pulling it out of the environ.
You can then write a Pyramid authentication provider that validates the information in the environment.
Hi Theron,
I'm not sure of the exact naming of this! The common idea behind it is just to use an SSL client certificate as a credential to authenticate an incoming request; this is generally used to authenticate a remote application more than a common user...
Regards, Thierry
I’m unsure what this “request credential” is. Are you talking about TLS Mutual Auth?
Hi, My problem is probably quite simple: I would like to be able, in a Pyramid application, to create a custom security policy which could use an SSL client certificate as a request credential to handle authentication (authorized certificates being referenced in a database or stored in a specific server directory). This application is then supposed to be published via mod_wsgi in an Apache server located behind an HAProxy. I tried to search here and there but didn't find any information about this... Any hint?
Best regards, Thierry
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAPX_VWBosR7p%3DLb%2BzEXWKuwuuENy6CORPrVpHaRMU9qWV4uW4g%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/57B4950A-F6F9-432B-81C8-81566502F94C%40luhn.com.
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAPX_VWD9vFNoJ1tqUs3_PoP7AB6P%3D6cDiawLQ66FYy2NJR-fSA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/9D206192-A136-41A4-AB5D-0F899F055B0F%400x58.com.
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/705EFD2B-6A66-4504-A76B-207CD14BA0FD%40gmail.com.
|
