I am working on project and I need to get the value stored in the
header
(SSL_CLIENT_S_DN_CN ). We have been doing PKI authentication for
sometime in PHP by getting the value of
$_SERVER["SSL_CLIENT_S_DN_CN"] .
Now that I am trying some stuff in Rails I can''t seem to get
anywhere.
I try to do what you do above and I get a "Bad Request" when I have
SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able
to get up and running when I comment it out.
Here is my config:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 28800
SSLMutex "file:/var/run/ssl_mutex"
<VirtualHost *:443>
<Proxy balancer://mongrel_cluster>
BalancerMember http://127.0.0.1:3000
</Proxy>
# General setup for the virtual host
ServerName luther.example.com
ServerAdmin r...-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
RequestHeader set X_FORWARDED_PROTO ''https''
SSLUserName SSL_CLIENT_S_DN_CN
ProxyPass / balancer://mongrel_cluster/
ProxyPassReverse / balancer://mongrel_cluster/
ProxyPreserveHost ON
#Rewrite the REMOTE_USER env variable into the request header
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt"
SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
</VirtualHost>
And in an controller I am just doing:
<p><%= request.env[''SSL_CLIENT_S_DN_CN'']
%></p>
also tried
<%= request.env[''HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'']
%>
All I get is blank.
Any advice would be MUCH appreciated
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On Thu, Mar 13, 2008 at 9:18 AM, Ben Murray <ben.h.murray-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > I am working on project and I need to get the value stored in the > header > (SSL_CLIENT_S_DN_CN ). We have been doing PKI authentication for > sometime in PHP by getting the value of> All I get is blank. > > Any advice would be MUCH appreciatedAs a "quick and nasty, see what the hell is happening" thing, I would put the following in your view: <pre> <%= session.to_yaml -%> </pre> That way you can see what the session actually contains and debug from there. Mikel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Fantastic! ... I did that and was able to see that I was calling it wrong! I was <%= request.env[''HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN''] %> and all I needed was <%request.env[''HTTP_X_FORWARDED_SSL_CLIENT_S_DN_CN''] %> This is great news thanks for all your help. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Sun, Mar 16, 2008 at 2:32 AM, Ben Murray <ben.h.murray-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Fantastic! ... I did that and was able to see that I was calling it > wrong!Good! :) That is a bit of a hackish way to do it though (putting it in the view). A better solution is making an around filter and then requesting it. Like here: http://www.lindsaar.net/2008/3/17/debugging-the-rails-session-store Mikel http://lindsaar.net/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---