
SSL authenticate from apache in Django

I want to authenticate a user using information from x509 certificate... Apache seems to authenticate ok, but I get no REMOTE_USER content in Django. Don't know why.

apache config:

NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile    /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key

        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLCACertificateFile /etc/apache2/ssl/ca.cer


        SSLOptions +StdEnvVars +ExportCertData

        <Directory />
                        Options FollowSymLinks
                        AllowOverride None
                        SSLOptions +StdEnvVars


        </Directory>
        <Directory /var/www/>
                        Options Indexes FollowSymLinks MultiViews
                        AllowOverride None
                        Order allow,deny
                        allow from all
        </Directory>
        WSGIDaemonProcess rmc_wsgi processes=2 threads=15 display-name=%{GROUP}
        WSGIScriptAlias /rmc /home/xxx/projects/rmc/rmc/wsgi.py
        <Location /rmc>
                WSGIProcessGroup rmc_wsgi
        </Location>


</VirtualHost>

Middleware:

from django.contrib.auth.middleware import RemoteUserMiddleware


class CorrectRemoteUserMiddleware(RemoteUserMiddleware):
    header = "HTTP_REMOTE_USER"

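Backend:

import sys

from django.contrib.auth.backends import RemoteUserBackend


class RemoteUserBackendNoCreate(RemoteUserBackend):
    create_unknown_user = True

    def authenticate(self, remote_user):
        # Name the class explicitly: super(self.__class__, self) recurses if this class is subclassed.
        user = super(RemoteUserBackendNoCreate, self).authenticate(remote_user)
        # Use %s formatting: concatenating a User object (or None) to a str raises TypeError.
        print >> sys.stderr, "AuthBackend: REMOTE_USER=%s AuthBackend: User=%s" % (remote_user, user)
        print >> sys.stderr, 'in authenticate'
        return user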

settings.py:

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'webrecif.middleware.CorrectRemoteUserMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.RemoteUserMiddleware',

)

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.RemoteUserBackend',
    'webrecif.backends.RemoteUserBackendNoCreate',
)

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.static',
)

I think you want to add SSLUserName SSL_CLIENT_S_DN_CN to your Apache SSL conf; per http://httpd.apache.org/docs/2.2/mod/mod_ssl.html this will set the REMOTE_USER to the user's Common Name. (Depending on how many certs you support, you may want to use the DN to guarantee uniqueness.) You may also need to add some modifications if your DN or CN exceeds the Django username string length.
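The answer's caveat about DN uniqueness and username length, worked through as an added example (not code from the original post or from Django). It assumes Apache is set to `SSLUserName SSL_CLIENT_S_DN`; the function name `dn_to_username`, the 30-character default limit and the sample DNs in the comments are assumptions made for illustration.

```python
import hashlib
import re

# Characters outside the set Django's default username validator accepts.
_UNSAFE = re.compile(r"[^\w.@+-]")
# Pull the CN out of a slash- or comma-separated subject DN string.
_CN = re.compile(r"(?:^|[/,])\s*CN=([^/,]+)", re.IGNORECASE)


def dn_to_username(dn, max_length=30, digest_chars=12):
    """Map a full subject DN to a stable username of at most max_length chars.

    The readable part comes from the CN; uniqueness comes from a digest of
    the *whole* DN, so two certificates sharing a CN but issued to different
    organisations do not end up on the same Django account.
    Set max_length to the username max_length of your User model (assumption: 30).
    """
    dn = dn.strip()
    if not dn:
        # An empty REMOTE_USER must never be turned into a valid account name.
        raise ValueError("empty subject DN")
    if max_length <= digest_chars + 1:
        raise ValueError("max_length leaves no room for a label")

    digest = hashlib.sha256(dn.encode("utf-8")).hexdigest()[:digest_chars]
    match = _CN.search(dn)
    label = _UNSAFE.sub("_", match.group(1).strip()) if match else "cert"
    room = max_length - digest_chars - 1  # one char for the "-" separator
    return "%s-%s" % (label[:room], digest)


# Constructed sample DNs: same CN, different organisation.
#   dn_to_username("/C=US/O=Example Corp/CN=Alice Smith")
#   dn_to_username("/C=US/O=Other Org/CN=Alice Smith")
# Both start with "Alice_Smith-" but carry different digests.
```

In a Django project this would be called from an override of `RemoteUserBackend.clean_username`, which Django runs on the REMOTE_USER value before looking up or creating the user.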
