Code

Opened 8 years ago

Closed 7 years ago

#2938 closed enhancement (wontfix)

SSLVerifyClient client certificate variables

Reported by: karpet@… Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Our systems are all locked down to client certificate, and then usually a user is identified by the email address field on their certificate. I've initially added support for accessing the apache variable (SSL_CLIENT_S_DN_Email) by adding the following function to ModPythonRequest:

def ssl_var_lookup(self, variable_name):
        return self._req.ssl_var_lookup(variable_name)

It'd be nice to have this, or an equivalent, available without patching my django source. It would also be nice to have this usable to secure the admin sections as well instead of using passwords.

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by ubernostrum

  • Resolution set to worksforme
  • Status changed from new to closed

Unless I'm misunderstanding, the auth system should be able to handle this, because it supports dropping in your own custom authentication schemes, which can be based on anything; there are a couple LDAP auth schemes for Django floating around, for example. See here for documentation on how to do so: http://www.djangoproject.com/documentation/authentication/#writing-an-authentication-backend

comment:2 Changed 7 years ago by karpet@…

  • Component changed from Admin interface to Core framework
  • Resolution worksforme deleted
  • Status changed from closed to reopened

OK, the SSL variable -> User lookup can actually be done with a custom Authentication Middleware.
I still can't find any way to access apache/mod_python's SSL Certificate variables without the above mod to django.core.handlers.ModPythonRequest

comment:3 Changed 7 years ago by adrian

  • Resolution set to wontfix
  • Status changed from reopened to closed

This is too much of an edge case to add to Django.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.