Amit, in your model call the derived class

auth.settings.login_form = MyX509Auth()

2012/11/7 Michele Comitini <[email protected]>

> simpatiCA makes the client certificates already with needed fields.
> Since you use openssl directly you can set all the fields you need in the
> certificates by changing openssl.cnf in your openssl installation.
> There is plenty of documentation on that.
>
> OR you can extend the class X509Auth to fit your needs by overriding
> get_user()
>
> class MyX509Auth(X509Auth):
>     def get_user(self):
>         self.subject.surname = <put something here>
>         return X509Auth.get_user(self)
>
> mic
>
> 2012/11/7 Amit <[email protected]>
>
>> Hi,
>> I filled in the email address in the certificate, but I think the problem
>> is with the surname; please check the log below:
>>
>> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in get_user at line 91*
>>
>> Function argument list
>>
>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>
>> Code listing
>>
>>     p = profile = dict()
>>     username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>         self.subject.CN or self.subject.commonName)
>>     p['first_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>         self.subject.givenName or username)
>>     p['last_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>         self.subject.surname)
>>     p['email'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>         self.subject.Email or self.subject.emailAddress)
>>     # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>     p['registration_id'] = self.serial
>>
>> Variables
>>
>> a                     undefined
>> b                     undefined
>> builtinreduce         <built-in function reduce>
>> self.subject.surname  []
>> self                  <gluon.contrib.login_methods.x509_auth.X509Auth object>
>> self.subject          <Storage {'Email': ['[email protected]'], ...SG'], 'organizationUnitName': ['HSG'], 'SN': []}>
>> p                     {'first_name': 'A | m | i | t | 1 | | K | h | a | w | a | r | e', 'username': 'Amit1 Khaware'}
>>
>> And while generating the certificates it is not asking about the surname;
>> it's asking for the information below:
>>
>> Country Name (2 letter code) [US]:
>> State or Province Name (full name) [CA]:
>> Locality Name (eg, city) [San Diego]:
>> Organization Name (eg, company) [Cafesoft LLC]:
>> Organizational Unit Name (eg, section) []:
>> Common Name (eg, YOUR name) []:*Cafesoft CA*
>> Email Address [[email protected]]:
>>
>> Please enter the following 'extra' attributes
>> to be sent with your certificate request
>> A challenge password []:*password*
>> An optional company name []:
>>
>> Please check the link:
>>
>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>
>> So x509_auth.py expects a surname but the above link doesn't provide an
>> option to fill in the surname :(
>>
>> Regards,
>> Amit
>>
>> On Tue, Nov 6, 2012 at 8:34 PM, Michele Comitini <[email protected]> wrote:
>>
>>> self.subject.Email is [] i.e. an empty list. Check if that is the
>>> problem.
>>>
>>> mic
>>>
>>> On 06/Nov/2012 14:32, "Amit" <[email protected]> wrote:
>>>
>>>> I have used the link below to generate server certificates, client
>>>> certificates and CA certificates, imported the client and CA certificates
>>>> into the Mozilla Firefox browser and then deployed the server certificates
>>>> and CA certificate to the Rocket server:
>>>>
>>>> D:\web2py2.1.1\web2py>web2py.py -a password -i 127.0.0.1 -p 8000 -c
>>>> C:\OpenSSL-Win32\bin\cirrusAwareCA\server\certificates\server.test.com.crt
>>>> -k C:\OpenSSL-Win32\bin\cirrusAwareCA\server\keys\server.test.com.key
>>>> --ca-cert=C:\OpenSSL-Win32\bin\cirrusAwareCA\CA\cirrusAwareCA.crt
>>>>
>>>> Then open the browser and type https://127.0.0.1:8000/MyApp/default/index
>>>>
>>>> Now it's giving an error:
>>>>
>>>> <type 'exceptions.TypeError'> reduce() of empty sequence with no
>>>> initial value
>>>>
>>>> Error snapshot
>>>>
>>>> <type 'exceptions.TypeError'>(reduce() of empty sequence with no
>>>> initial value)
>>>>
>>>> Frames
>>>>
>>>> - *File D:\web2py2.1.1\web2py\gluon\restricted.py in restricted at line 209*
>>>> - *File D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py in <module> at line 76*
>>>> - *File D:\web2py2.1.1\web2py\gluon\globals.py in <lambda> at line 187*
>>>> - *File D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py in user at line 38*
>>>>
>>>>   Code listing
>>>>
>>>>       use @auth.requires_login()
>>>>           @auth.requires_membership('group name')
>>>>           @auth.requires_permission('read','table name',record_id)
>>>>       to decorate functions that need access control
>>>>       """
>>>>       return dict(form=auth())
>>>>
>>>>   def download():
>>>>       """
>>>>
>>>> - *File D:\web2py2.1.1\web2py\gluon\tools.py in __call__ at line 1205*
>>>> - *File D:\web2py2.1.1\web2py\gluon\tools.py in login at line 2016*
>>>> - *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in get_user at line 91*
>>>>
>>>>   Function argument list
>>>>
>>>>   (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>>>>
>>>>   Code listing
>>>>
>>>>       p = profile = dict()
>>>>       username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>           self.subject.CN or self.subject.commonName)
>>>>       p['first_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>           self.subject.givenName or username)
>>>>       p['last_name'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>           self.subject.surname)
>>>>       p['email'] = reduce(lambda a,b: '%s | %s' % (a,b),
>>>>           self.subject.Email or self.subject.emailAddress)
>>>>       # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>>>>       p['registration_id'] = self.serial
>>>>
>>>>   Variables
>>>>
>>>>   a                     undefined
>>>>   b                     undefined
>>>>   builtinreduce         <built-in function reduce>
>>>>   self.subject.surname  []
>>>>   self                  <gluon.contrib.login_methods.x509_auth.X509Auth object>
>>>>   self.subject          <Storage {'Email': [], 'C': ['IN'], 'serialNumbe...SG'], 'organizationUnitName': ['HSG'], 'SN': []}>
>>>>   p                     {'first_name': 'A | m | i | t', 'username': 'Amit'}
>>>>
>>>> Regards,
>>>> Amit
>>>>
>>>> On Tue, Nov 6, 2012 at 6:42 PM, Michele Comitini <[email protected]> wrote:
>>>>
>>>>> https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
>>>>>
>>>>> The log seems to say that your certificate file is not there, or not
>>>>> accessible
>>>>>
>>>>> mic
>>>>>
>>>>> 2012/11/6 Amit <[email protected]>
>>>>>
>>>>>> I am using Python 2.7.2.
>>>>>>
>>>>>> On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini <[email protected]> wrote:
>>>>>>
>>>>>>> What is your python version?
>>>>>>>
>>>>>>> 2012/11/6 Amit <[email protected]>
>>>>>>>
>>>>>>>> Hi Michele,
>>>>>>>> I used simpatiCA to generate the certificates but failed to deploy
>>>>>>>> them to the web2py server; please check the first mail in this mail
>>>>>>>> chain, where I explained the problem in detail.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Amit
>>>>>>>>
>>>>>>>> On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
>>>>>>>>> Basically you can extract anything from client supplied cert and use
>>>>>>>>> it with the auth tables of web2py. That is really simple.
>>>>>>>>> The tedious part is getting to know what stuff you can put in the
>>>>>>>>> cert. That is more related to managing a CA than to web2py itself.
>>>>>>>>>
>>>>>>>>> I have written a simple but functional app for managing a little
>>>>>>>>> CA: simpatiCA <http://goo.gl/nrAhS> ; it is simple enough to be
>>>>>>>>> used as an example and extended to your needs. If you need a real CA
>>>>>>>>> there are more featured solutions around...
>>>>>>>>>
>>>>>>>>> mic
>>>>>>>>>
>>>>>>>>> > PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>> > you it's documented how it works but not how to organize the certs
>>>>>>>>> > (which in theory you should know in advance)
>>>>>>>>>
>>>>>>>>> 2012/11/6 Niphlod <[email protected]>
>>>>>>>>>
>>>>>>>>>> hem... one thing is helping you to create certs and key for a SSL
>>>>>>>>>> protected webserver, quite another to help you managing a credential
>>>>>>>>>> store (I really don't have time for that).
>>>>>>>>>> You have problems on finding out what OpenSSL is and want to
>>>>>>>>>> manage X509 ? Really ?
>>>>>>>>>> Maybe it's time to read some docs.
>>>>>>>>>>
>>>>>>>>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>>>>>>>>
>>>>>>>>>> PS: the man behind X509 auth code in web2py is mcm, sadly for
>>>>>>>>>> you it's documented how it works but not how to organize the certs
>>>>>>>>>> (which in theory you should know in advance)
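
An added example, not code from the thread or from web2py: it reruns the four reduce() lines from the ticket listing against a constructed subject shaped like the variables dump, then builds the same profile keys while tolerating empty attribute lists. The dict standing in for web2py's Storage, the function names, the serial value and the SN fallback are assumptions.

```python
from functools import reduce  # a builtin on Python 2.7, in functools on Python 3

SEP = ' | '

# Constructed subject shaped like the variables dump in the thread; a plain dict
# stands in for web2py's Storage object (assumption), and no real certificate is parsed.
THREAD_SUBJECT = {'CN': ['Amit'], 'givenName': [], 'surname': [], 'SN': [],
                  'Email': [], 'C': ['IN'], 'organizationUnitName': ['HSG']}


def listing_profile(subject):
    """The four reduce() calls from the ticket listing, with the same logic."""
    join = lambda a, b: '%s | %s' % (a, b)
    p = {}
    username = p['username'] = reduce(join, subject.get('CN') or subject.get('commonName'))
    # When givenName is empty this iterates the username string character by character.
    p['first_name'] = reduce(join, subject.get('givenName') or username)
    # An empty surname list raises TypeError: reduce() has no initial value.
    p['last_name'] = reduce(join, subject.get('surname'))
    p['email'] = reduce(join, subject.get('Email') or subject.get('emailAddress'))
    return p


def values(subject, *names):
    """Return the first non-empty value list found under the given attribute names."""
    for name in names:
        found = subject.get(name) or []
        if isinstance(found, str):  # never iterate a bare string per character
            found = [found]
        if found:
            return list(found)
    return []


def tolerant_profile(subject, serial):
    """Build the same profile keys without failing on absent optional attributes."""
    cn = values(subject, 'CN', 'commonName')
    if not cn:
        # The username is derived from the CN, so refuse the login cleanly.
        raise ValueError('client certificate subject has no common name')
    username = SEP.join(cn)
    return {
        'username': username,
        'first_name': SEP.join(values(subject, 'givenName')) or username,
        # Assumption: SN (OpenSSL's short name for surname) is an acceptable fallback.
        'last_name': SEP.join(values(subject, 'surname', 'SN')),
        'email': SEP.join(values(subject, 'Email', 'emailAddress')),
        'registration_id': serial,  # the listing keys users on the certificate serial
    }
```

Whether an account with an empty email or last name should be accepted at all is a policy decision for the application; the example only removes the crash.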

