thr3ads.net - Rails - PKI Authentication [Mar 2008]

If this information is useful, please help other people find it:
Share via:
ben.h.murray-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2008-Mar-04 06:17 UTC
PKI Authentication

I am working on project and I need to get the value stored in
SSL_CLIENT_S_DN_CN .  We have been doing PKI authentication for
sometime
in PHP by getting the value of $_SERVER["SSL_CLIENT_S_DN_CN"] .

Now that I am trying some stuff in Rails I can''t seem to get anywhere.
I try to do what you do above and I get a "Bad Request" when I have
SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file.  I am able
to
get up and running when I comment it out.

Here is my config:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  28800

SSLMutex  "file:/var/run/ssl_mutex"

<VirtualHost *:443>
<Proxy balancer://mongrel_cluster>
 BalancerMember http://127.0.0.1:3000
</Proxy>

#   General setup for the virtual host
ServerName luther.example.com
ServerAdmin root-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"

RequestHeader set X_FORWARDED_PROTO ''https''
SSLUserName SSL_CLIENT_S_DN_CN

ProxyPass / balancer://mongrel_cluster/
ProxyPassReverse / balancer://mongrel_cluster/
ProxyPreserveHost ON

#Rewrite the REMOTE_USER env variable into the request header
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt"

SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt"
SSLVerifyClient require
SSLVerifyDepth  10

SSLOptions +StdEnvVars +ExportCertData

</VirtualHost>


 And in an controller I am just doing:

<p><%= request.env[''SSL_CLIENT_S_DN_CN'']
%></p>
also tried
<p><%=
request.env[''HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'']
%></p>

All I get is blank.

Any advice would be MUCH appreciated
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Rails - Mar 2008 - PKI Authentication

PKI Authentication
