plugin:authclientcert
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
plugin:authclientcert [2019-09-12 21:09] – http://github to https://github Aleksandr | plugin:authclientcert [2019-10-25 10:12] (current) – Dr-Yukon | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
---- plugin ---- | ---- plugin ---- | ||
description: | description: | ||
- | author | + | author |
email : pawel.jasinski@gmail.com | email : pawel.jasinski@gmail.com | ||
type : auth | type : auth | ||
Line 9: | Line 9: | ||
compatible : Greebo | compatible : Greebo | ||
depends | depends | ||
- | conflicts | + | conflicts |
similar | similar | ||
tags : authentication x509 smartcard | tags : authentication x509 smartcard | ||
Line 15: | Line 15: | ||
downloadurl: | downloadurl: | ||
bugtracker : https:// | bugtracker : https:// | ||
- | sourcerepo : https:// | + | sourcerepo : https:// |
donationurl: | donationurl: | ||
Line 29: | Line 29: | ||
The following table shows mapping between certificate fields and user info. | The following table shows mapping between certificate fields and user info. | ||
- | ^Certificate | + | ^ Certificate |
- | |name employeeNumber (OID: | + | | name employeeNumber (OID: |
- | |extensions subjectAltName email |email| | + | | extensions subjectAltName email |email |
- | |subject CN | real name| | + | | subject CN | real name| |
- | + | ||
- | * User name is sanitized the same way as in authplain plugin - e.g. all character are converted to lowercase. | + | |
If the certificate is present and all of the above fields are not empty, a user is logged in. New users are created on the first login - random passwords are generated for consistency. | If the certificate is present and all of the above fields are not empty, a user is logged in. New users are created on the first login - random passwords are generated for consistency. | ||
+ | |||
Logging out and profile editing are disabled. However, the administrator can modify group membership or delete | Logging out and profile editing are disabled. However, the administrator can modify group membership or delete | ||
- | Authclientcert plugin uses [[plugin: | + | Authclientcert plugin uses [[plugin: |
===== Installation ===== | ===== Installation ===== | ||
* Install the plugin using the [[plugin: | * Install the plugin using the [[plugin: | ||
- | |||
* Disable anonymous access and self registration | * Disable anonymous access and self registration | ||
- | |||
* Select plugin as a authentication backend | * Select plugin as a authentication backend | ||
- | |||
* Configure reverse proxy to validate and deliver certificate in X_SSL_CLIENTCERT_BASE64 header | * Configure reverse proxy to validate and deliver certificate in X_SSL_CLIENTCERT_BASE64 header | ||
- | |||
* Configure name of http header where certificate is delivered HTTP_X_SSL_CLIENTCERT_BASE64 | * Configure name of http header where certificate is delivered HTTP_X_SSL_CLIENTCERT_BASE64 | ||
- | |||
* Configure name of the group where new users are assigned. | * Configure name of the group where new users are assigned. | ||
- | |||
===== Development ===== | ===== Development ===== | ||
Line 74: | Line 66: | ||
The selection of the fields and mapping is hard coded to match content of a smartcard I have. It is very likely that the selection does not match your cetificate. | The selection of the fields and mapping is hard coded to match content of a smartcard I have. It is very likely that the selection does not match your cetificate. | ||
+ | |||
The easiest way to adjust it is to edit plugins auth.php. | The easiest way to adjust it is to edit plugins auth.php. | ||
Long term it make sense to capture most common cases as configuration. Please, let me know about your needs by opening an issue at [[https:// | Long term it make sense to capture most common cases as configuration. Please, let me know about your needs by opening an issue at [[https:// | ||
- | |||
===== FAQ ===== | ===== FAQ ===== | ||
- | |||
===== Discussion ===== | ===== Discussion ===== | ||
- | |||
- | |||
- | |||
plugin/authclientcert.txt · Last modified: 2019-10-25 10:12 by Dr-Yukon