Hi,

In this file you can check the headers used by the x509 auth:
https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/X509CloudAuth.rb

And this is an old guide on how to set up this configuration in Apache:
http://community.opennebula.org/sunstone_x509

Hope this helps

On 10 February 2015 at 17:16, Daniel Dehennin <daniel.dehen...@baby-gnu.org>
wrote:

> Hello,
>
> I would like to mix the authentication methods on Sunstone.
>
> I created an X509 user[1] and the one* CLI are working with it.
>
> According to the documentation[2], I need to switch Sunstone to “x509”,
> but I thought that using “:auth: opennebula” would permit using whatever is
> configured for the user.
>
> I first tried as explained in the documentation:
>
> - set “:auth: x509” in sunstone
>
> - install user certificate authority to “/etc/one/auth/certificates/”
>
> - configure my nginx as described in the attachment
>
> - install the user x509 certificate on my iceweasel 35.0.1 browser
>
> When I access Sunstone, my browser asks me to choose my certificate, but I
> end up on the login page with only a “Login” button plus the “Keep me logged
> in” checkbox.
>
> I must have missed some headers to add to my requests.
>
> Any hints?
>
> Regards.
>
> Footnotes:
> [1]
> http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html
>
> [2]
> http://docs.opennebula.org/4.10/administration/authentication/x509_auth.html#enabling-x509-auth-in-sunstone
>
> --
> Daniel Dehennin
> Get my GPG key: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
> Fingerprint: 3E69 014E 5C23 50E8 9ED6  2AAD CC1E 9E5B 7A6F E2DF
>
>
> # Opennebula Sunstone
> upstream sunstone {
>          server 127.0.0.1:9869;
> }
>
> upstream onerpc {
>          server 127.0.0.1:2633;
> }
>
> # Port 80 redirected to SSL
> server {
>         listen         80;
>         server_name    nebula.example.net;
>
>         location / {
>                 return 301 https://$host$request_uri?;
>         }
> }
>
>
> # SSL reverse-proxy
> server {
>         listen 443 default_server;
>         listen [::]:443 default_server ipv6only=on;
>
>         ssl on;
>         ssl_certificate /etc/nginx/ssl/server.crt;
>         ssl_certificate_key /etc/nginx/ssl/server.key;
>         ssl_client_certificate /etc/nginx/ssl/ca.crt;
>         ssl_verify_client optional;
>
>         root /usr/share/nginx/html;
>         index index.html index.htm;
>
>         server_name nebula.example.net;
>
>         access_log  /var/log/nginx/opennebula-sunstone-access.log;
>         error_log  /var/log/nginx/opennebula-sunstone-error.log;
>
>         client_max_body_size 5G;
>
>         location / {
>                 try_files $uri @sunstone;
>         }
>
>         location /RPC2 {
>                 include proxy_params;
>                 proxy_pass http://onerpc;
>         }
>
>         location @sunstone {
>                 include proxy_params;
>                 proxy_set_header SSL_CLIENT_S_DN $ssl_client_s_dn;
>                 proxy_set_header SSL_CLIENT_I_DN $ssl_client_i_dn;
>                 proxy_set_header SSH_CLIENT_VERIFY $ssl_client_verify;
>                 proxy_set_header SSH_CLIENT_CERT $ssl_client_cert;
>
>                 include ssl_parms;
>                 proxy_pass http://sunstone;
>         }
> }
>
> _______________________________________________
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
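
A small cross-check for the header question raised in this thread, as an added example that is not part of the original messages or of OpenNebula's code: it maps each `proxy_set_header` name from the quoted nginx configuration to its CGI/Rack `HTTP_*` environment key and compares the result with the `env['HTTP_...']` keys found in the auth module's source. `RUBY_SAMPLE` is a constructed stand-in for X509CloudAuth.rb and the key in it is an assumption; all function names are hypothetical.

```ruby
# The four proxy_set_header lines from the nginx config quoted in this thread.
NGINX_SAMPLE = <<~'CONF'
  proxy_set_header SSL_CLIENT_S_DN $ssl_client_s_dn;
  proxy_set_header SSL_CLIENT_I_DN $ssl_client_i_dn;
  proxy_set_header SSH_CLIENT_VERIFY $ssl_client_verify;
  proxy_set_header SSH_CLIENT_CERT $ssl_client_cert;
CONF

# Constructed stand-in for the auth module source; feed in the real
# X509CloudAuth.rb instead. The key below is an assumption, not a quote.
RUBY_SAMPLE = <<~'SRC'
  cert_line = env['HTTP_SSL_CLIENT_CERT']
SRC

# CGI/Rack convention: request header "Foo-Bar" becomes env key "HTTP_FOO_BAR".
def rack_key(header)
  "HTTP_#{header.upcase.tr('-', '_')}"
end

# Header names set by proxy_set_header (comments stripped), as Rack env keys.
def forwarded_keys(nginx_conf)
  nginx_conf.gsub(/#.*/, '')
            .scan(/\bproxy_set_header\s+([\w-]+)\s+[^;]+;/)
            .flatten.map { |h| rack_key(h) }.uniq
end

# HTTP_* env keys referenced as env['...'] or env["..."] in the Ruby source.
def read_keys(ruby_src)
  ruby_src.scan(/env\[\s*['"](HTTP_[A-Z0-9_]+)['"]\s*\]/).flatten.uniq
end

# :missing = keys the app reads that the proxy never sets;
# :unused  = headers the proxy sets that the app never reads
#            (frequently a misspelled header name).
def header_mismatch(nginx_conf, ruby_src)
  sent = forwarded_keys(nginx_conf)
  read = read_keys(ruby_src)
  { missing: read - sent, unused: sent - read }
end

if __FILE__ == $PROGRAM_NAME
  result = header_mismatch(NGINX_SAMPLE, RUBY_SAMPLE)
  puts "read by app, not forwarded: #{result[:missing].join(', ')}"
  puts "forwarded, not read by app: #{result[:unused].join(', ')}"
end
```

Run it with the full nginx site file and the real Ruby source as inputs; an empty `:missing` list means every header the auth code looks up is being forwarded by the proxy.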