You are here: Home Plone products PASSSL Authentication

PASSSL Authentication (1.0.4)

by Olha Pelishok last modified 2009-03-13
Released on 2009-03-10 by Marc Mengel for Plone 2.5 under GPL - GNU General Public License available for All platforms.
Software development stage: stable
A PAS module which uses SSL user certificates rather than passwords to authenticate users.

This package is a cleaned up version of my old gruf_ssl package, which has been in use at Fermilab now for a few years.

We're using it with Plone behind an Apache proxy, who passes in the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values as http headers when it proxies.  This requires a few rules like:

# add headers for ssl cert stuff
RewriteCond %{ENV:did_ssl} !="done"
RewriteRule (.*) $1 [env=s_dn:%{SSL:SSL_CLIENT_S_DN},env=i_dn:%{SSL:SSL_CLIENT_I_DN},env=did_ssl:done]
RequestHeader set "X-s-dn" "%{s_dn}e"
RequestHeader set "X-i-dn" "%{i_dn}e"
to get the SSL header info through to the proxied Plone site.
Document Actions
Powered by Plone