PASSSL Authentication (1.0.4)
by
Olha Pelishok
—
last modified
2009-03-13
Released on 2009-03-10 by Marc Mengel for Plone 2.5 under GPL - GNU General Public License available for All platforms.
Software development stage: stable
- PASSSL Authentication download link: http://plone.org/products/passsl-authentication/releases
- Homepage of PASSSL Authentication: http://plone.org/products/passsl-authentication
- PASSSL Authentication repository: http://cdcvs0.fnal.gov/cgi-bin/public-cvs/cvsweb-public.cgi/mwmplone/PASSSL/
- Description source: http://plone.org/products/passsl-authentication
A PAS module which uses SSL user certificates rather than passwords to authenticate users.
This package is a cleaned up version of my old gruf_ssl package, which has been in use at Fermilab now for a few years.
We're using it with Plone behind an Apache proxy, who passes in the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values as http headers when it proxies. This requires a few rules like:
# add headers for ssl cert stuff RewriteCond %{ENV:did_ssl} !="done" RewriteRule (.*) $1 [env=s_dn:%{SSL:SSL_CLIENT_S_DN},env=i_dn:%{SSL:SSL_CLIENT_I_DN},env=did_ssl:done] RequestHeader set "X-s-dn" "%{s_dn}e" RequestHeader set "X-i-dn" "%{i_dn}e"to get the SSL header info through to the proxied Plone site.