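SSL authenticate from apache in Django
I want to authenticate users using the information in an x509 certificate... Apache seems to authenticate fine, but there is no REMOTE_USER content in Django. I don't know why.
Apache configuration: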
    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLCACertificateFile /etc/apache2/ssl/ca.cer
        SSLOptions +StdEnvVars +ExportCertData
        <Directory />
            Options FollowSymLinks
            AllowOverride None
            SSLOptions +StdEnvVars
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        WSGIDaemonProcess rmc_wsgi processes=2 threads=15 display-name=%{GROUP}
        WSGIScriptAlias /rmc /home/xxx/projects/rmc/rmc/wsgi.py
        <Location /rmc>
            WSGIProcessGroup rmc_wsgi
        </Location>
    </VirtualHost>
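Middleware:
    from django.contrib.auth.middleware import RemoteUserMiddleware

    class CorrectRemoteUserMiddleware(RemoteUserMiddleware):
        # request.META key the middleware reads the username from
        header = "HTTP_REMOTE_USER"
Backend:
    import sys
    from django.contrib.auth.backends import RemoteUserBackend

    class RemoteUserBackendNoCreate(RemoteUserBackend):
        create_unknown_user = True

        def authenticate(self, remote_user):
            # Name the class explicitly; super(self.__class__, ...) recurses if subclassed
            user = super(RemoteUserBackendNoCreate, self).authenticate(remote_user)
            # str() is needed: user is a User object (or None), not a string
            print >> sys.stderr, ("AuthBackend: REMOTE_USER=" + remote_user + "AuthBackend: User=" + str(user))
            print >> sys.stderr, 'in authenticate'
            return user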
settings.py:
    MIDDLEWARE_CLASSES = (
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'webrecif.middleware.CorrectRemoteUserMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.auth.middleware.RemoteUserMiddleware',
    )
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.RemoteUserBackend',
        'webrecif.backends.RemoteUserBackendNoCreate',
    )
    TEMPLATE_CONTEXT_PROCESSORS = (
        'django.contrib.auth.context_processors.auth',
        'django.core.context_processors.static',
    )
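I think you want to add SSLUserName SSL_CLIENT_S_DN_CN to your apache ssl conf; per http://httpd.apache.org/docs/2.2/mod/mod_ssl.html, that will set REMOTE_USER to the user's common name. (Depending on how many certs you support, you may want to use the DN instead to guarantee uniqueness.) You may also need to add in some modification if your DN or CN exceeds the Django username string length.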
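
The length and uniqueness concern raised in the answer, as an added example (not code from the original post, the answerer, or Django): a hypothetical helper `dn_to_username` that turns a subject DN into a bounded username by combining a readable CN prefix with a digest of the full DN. The 30-character limit, the 12-character digest suffix and the sample DNs are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: 30 characters, the username column length in older Django
# releases; set this to the max_length of your own User model.
MAX_USERNAME_LEN = 30
DIGEST_LEN = 12  # hex characters of SHA-256 kept as a uniqueness suffix

# Characters outside Django's default username set (word chars and . @ + -)
_DISALLOWED = re.compile(r"[^\w.@+-]")
# CN attribute in either "/C=US/CN=Jane" or "CN=Jane,C=US" style DN strings
_CN = re.compile(r"(?:^|[/,])\s*CN=([^/,]+)")


def dn_to_username(subject_dn, max_length=MAX_USERNAME_LEN):
    """Map a certificate subject DN to a stable, length-bounded username.

    Hypothetical helper: readable CN prefix plus a digest of the full DN, so
    certificates sharing a CN still get distinct names (up to digest collisions).
    """
    dn = (subject_dn or "").strip()
    if not dn:
        # Never derive an account name from a missing identity
        raise ValueError("empty subject DN")
    room = max_length - DIGEST_LEN - 1
    if room < 1:
        raise ValueError("max_length too small for the digest suffix")

    match = _CN.search(dn)
    label = match.group(1).strip() if match else dn
    label = _DISALLOWED.sub("_", label.lower())[:room]

    # Hash the DN exactly as the server exported it; if the export format
    # changes, the suffix (and therefore the username) changes too.
    digest = hashlib.sha256(dn.encode("utf-8")).hexdigest()[:DIGEST_LEN]
    return "%s-%s" % (label, digest)


if __name__ == "__main__":
    # Constructed sample DNs: same CN, different issuing organisation
    for sample in ("/C=US/O=Example A/CN=Jane Doe",
                   "/C=US/O=Example B/CN=Jane Doe"):
        print(dn_to_username(sample))
```

In Django, a `RemoteUserBackend` subclass can return this value from its `clean_username` hook, with `SSLUserName` pointed at `SSL_CLIENT_S_DN` so that REMOTE_USER carries the full DN.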