I am glad someone is using x509 Auth; it is a very simple way to handle
user security.

One important piece of the puzzle (with Apache) is:

SSLVerifyClient optional

The "optional" allows one to accept any user on the website, while having
some web2py actions require a valid user certificate
just by adding the standard @auth.requires_login().

## Client Authentication (Type):
# Client certificate verification type and depth. Types are none, optional,
# require and optional_no_ca. Depth is a number which specifies how deeply
# to verify the certificate issuer chain before deciding the certificate is
# not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

2015-03-11 12:27 GMT+01:00 LoveWeb2py <[email protected]>:
> Those are exactly the two I don't have so far from the list I saw in
> another post I have:
>
> SSL_CIPHER, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, SSL_CLIENT_VERIFY
>
> The following are not being passed (probably a problem with my ssl.conf):
> SSL_CLIENT_RAW_CERT, SSL_SESSION_ID, SSL_CLIENT_SERIAL
>
> Almost there! :) I'll post the fix when I find it
>
>
> On Tuesday, March 10, 2015 at 7:56:45 PM UTC-4, Niphlod wrote:
>>
>> debug it, debug it, debug it.
>>
>> AFAICS, x509_auth.py requires:
>>
>> ssl_client_raw_cert
>> optional ssl_client_serial
>>
>> On Wednesday, March 11, 2015 at 12:04:51 AM UTC+1, LoveWeb2py wrote:
>>>
>>> so I did {{=request.env}} and I can see the SSL DATA certificate in
>>> another app, but for some reason the app that requires the data isn't being
>>> passed. Going to keep troubleshooting that app because I really want to use
>>> the x509 authentication with web2py!!
>>>
>>> for some reason the x509 auth isn't working still. Going to keep
>>> pressing and will post a fix when I find it. Thank you so much for your
>>> help Niphlod. I hope this helps others in the future!
>>>
>>>
>>>
>>> On Tuesday, March 10, 2015 at 6:40:29 PM UTC-4, Niphlod wrote:
>>>>
>>>> what if you return somewhere this dict (takes the "SSL*" env variables
>>>> and prints it)
>>>>
>>>> def yourcode():
>>>>     .........
>>>>     debug_values = {}
>>>>     for k, v in request.env.iteritems():
>>>>         if k.lower().startswith('ssl'):
>>>>             debug_values[k] = v
>>>>     .........
>>>>     return dict(........., debug_values=debug_values)
>>>>
>>>> just to see if those indeed get passed along.
>>>>
>>>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
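
Added example, not part of the thread and not web2py's own code: a stand-alone Python 3 version of the debugging check suggested in the quoted replies. It reports which of the variables named in the thread are missing and whether SSL_CLIENT_VERIFY is SUCCESS, which matters once SSLVerifyClient is set to optional. The function name and the sample environments are constructed for illustration.

```python
# Added example: variable names come from the thread; everything else is constructed.
REQUIRED = ("ssl_client_raw_cert",)   # thread: x509_auth.py requires this
OPTIONAL = ("ssl_client_serial",)     # thread: optional for x509_auth.py


def ssl_env_report(env):
    """Summarise the SSL* variables the web server handed to the application."""
    ssl_vars = {k.lower(): v for k, v in env.items()
                if k.lower().startswith("ssl")}
    missing_required = [k for k in REQUIRED if not ssl_vars.get(k)]
    missing_optional = [k for k in OPTIONAL if not ssl_vars.get(k)]
    # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    # With "SSLVerifyClient optional" a visitor without a certificate still
    # reaches the application, so only SUCCESS may count as authenticated.
    verified = ssl_vars.get("ssl_client_verify", "NONE") == "SUCCESS"
    return {
        "present": sorted(ssl_vars),
        "missing_required": missing_required,
        "missing_optional": missing_optional,
        "verified": verified,
        "usable_for_x509_login": verified and not missing_required,
    }


# Constructed sample environments (values are placeholders, not real data).
POSTER_ENV = {  # the four variables the poster reports seeing
    "SSL_CIPHER": "EXAMPLE-CIPHER",
    "SSL_CLIENT_I_DN": "CN=Example CA",
    "SSL_CLIENT_CERT": "-----BEGIN CERTIFICATE-----(placeholder)",
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "HTTP_HOST": "example.invalid",
}
ANONYMOUS_ENV = {"SSL_CIPHER": "EXAMPLE-CIPHER", "SSL_CLIENT_VERIFY": "NONE"}
COMPLETE_ENV = dict(POSTER_ENV,
                    SSL_CLIENT_RAW_CERT="-----BEGIN CERTIFICATE-----(placeholder)",
                    SSL_CLIENT_SERIAL="01")

if __name__ == "__main__":
    for name, env in (("poster", POSTER_ENV), ("anonymous", ANONYMOUS_ENV),
                      ("complete", COMPLETE_ENV)):
        print(name, ssl_env_report(env))
```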