DokuWiki


plugin:authclientcert

Differences

This shows you the differences between two versions of the page.

plugin:authclientcert [2019-09-12 21:09] – http://github to https://github Aleksandr
plugin:authclientcert [2019-10-25 10:12] (current) Dr-Yukon
Line 1: Line 1:
-====== authclientcert Plugin ======+====== AuthClientCert Plugin ======
  
 ---- plugin ---- ---- plugin ----
 description: Authenticate and create user from client x509 certificate description: Authenticate and create user from client x509 certificate
-author     : paweljasinski+author     : Pawel Jasinski
 email      : pawel.jasinski@gmail.com email      : pawel.jasinski@gmail.com
 type       : auth type       : auth
Line 9: Line 9:
 compatible : Greebo compatible : Greebo
 depends    : authplain depends    : authplain
-conflicts  :+conflicts authchained
 similar    : authhttp, authremoteuser similar    : authhttp, authremoteuser
 tags       : authentication x509 smartcard tags       : authentication x509 smartcard
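Review bot: the new `conflicts authchained` line drops the ` : ` separator that every other field in this plugin block uses (`depends    : authplain`, `similar    : authhttp, authremoteuser`), so the conflict with authchained may not be read as a field value. Write it as `conflicts  : authchained`.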
Line 15: Line 15:
 downloadurl: https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/zipball/master downloadurl: https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/zipball/master
 bugtracker : https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/issues bugtracker : https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/issues
-sourcerepo : https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/+sourcerepo : https://github.com/paweljasinski/dokuwiki-plugin-authclientcert
 donationurl: donationurl:
  
Line 29: Line 29:
 The following table shows mapping between certificate fields and user info. The following table shows mapping between certificate fields and user info.
  
-^Certificate  ^User Info^ +^ Certificate  ^ User Info  
-|name employeeNumber (OID:2.16.840.1.113730.3.1.3)  |user*| +| name employeeNumber (OID:2.16.840.1.113730.3.1.3)  | user((User name is sanitized the same way as in authplain plugin -- e.g. all character are converted to lowercase.))  | 
-|extensions subjectAltName email  |email| +| extensions subjectAltName email  |email 
-|subject CN | real name| +| subject CN  | real name|
- +
-User name is sanitized the same way as in authplain plugin - e.g. all character are converted to lowercase.+
  
 If the certificate is present and all of the above fields are not empty, a user is logged in. New users are created on the first login - random passwords are generated for consistency. If the certificate is present and all of the above fields are not empty, a user is logged in. New users are created on the first login - random passwords are generated for consistency.
 +
 Logging out and profile editing are disabled. However, the administrator can modify group membership or delete  a user. Logging out and profile editing are disabled. However, the administrator can modify group membership or delete  a user.
  
-Authclientcert plugin uses [[plugin:authplain]] as backend storage. +Authclientcert plugin uses [[plugin:authplain]] as back-end storage.
  
 ===== Installation ===== ===== Installation =====
  
   * Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to latest version of the plugin. Refer to [[:Plugins]] on how to install plugins manually.   * Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to latest version of the plugin. Refer to [[:Plugins]] on how to install plugins manually.
- 
   * Disable anonymous access and self registration   * Disable anonymous access and self registration
- 
   * Select plugin as a authentication backend   * Select plugin as a authentication backend
- 
   * Configure reverse proxy to validate and deliver certificate in X_SSL_CLIENTCERT_BASE64 header   * Configure reverse proxy to validate and deliver certificate in X_SSL_CLIENTCERT_BASE64 header
- 
   * Configure name of http header where certificate is delivered HTTP_X_SSL_CLIENTCERT_BASE64   * Configure name of http header where certificate is delivered HTTP_X_SSL_CLIENTCERT_BASE64
- 
   * Configure name of the group where new users are assigned.   * Configure name of the group where new users are assigned.
- 
  
 ===== Development ===== ===== Development =====
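Review bot: in the rewritten mapping table, the header row `^ Certificate  ^ User Info` and the `| extensions subjectAltName email  |email` row no longer end with their closing `^` and `|`, while the `subject CN` row still does; close every row so the table renders consistently. The new footnote also carries over "all character are converted", which should read "all characters". Separately, the Installation steps kept as context here rely on the proxy-set X_SSL_CLIENTCERT_BASE64 header as the login credential, so the list should state that the reverse proxy must overwrite any copy of that header sent by the client and that the wiki must only be reachable through the proxy.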
Line 74: Line 66:
  
 The selection of the fields and mapping is hard coded to match content of a smartcard I have. It is very likely that the selection does not match your cetificate. The selection of the fields and mapping is hard coded to match content of a smartcard I have. It is very likely that the selection does not match your cetificate.
 +
 The easiest way to adjust it is to edit plugins auth.php. The easiest way to adjust it is to edit plugins auth.php.
  
 Long term it make sense to capture most common cases as configuration. Please, let me know about your needs by opening an issue at [[https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/issues|Github]], or even better create a PR. Long term it make sense to capture most common cases as configuration. Please, let me know about your needs by opening an issue at [[https://github.com/paweljasinski/dokuwiki-plugin-authclientcert/issues|Github]], or even better create a PR.
- 
  
 ===== FAQ ===== ===== FAQ =====
- 
  
 ===== Discussion ===== ===== Discussion =====
- 
- 
- 
  
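Review bot: this revision only adjusts blank lines in the Development section and leaves "cetificate" and "Long term it make sense" untouched in the context lines; since it is already a copy-edit pass, correct them to "certificate" and "it makes sense" in the same change. "edit plugins auth.php" would also read more clearly as "edit the plugin's auth.php".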
plugin/authclientcert.txt · Last modified: 2019-10-25 10:12 by Dr-Yukon

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International