[Koha-bugs] [Bug 6296] Allow authentication to Koha via PKI / x.509 certificates

bugzilla-daemon at bugs.koha-community.org
Tue Jun 14 09:36:53 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296

--- Comment #1 from Robin Sheat <robin at catalyst.net.nz> 2011-06-14 07:36:53 UTC ---
Created attachment 4452
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4452
Bug 6296: allow users to be authenticated by SSL client certs

This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress

If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.

The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.

This is an example of what might go in the Apache configuration for the
virtual host:

    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars

The last line ensures that the required details are passed to Koha.
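
An added example, not the code from attachment 4452: one way the matching described above can be done in Perl from the variables that `SSLOptions +StdEnvVars` exports. The function name `pki_login`, the patron field names `userid` and `email`, and all sample data are assumptions made for the illustration. It checks `SSL_CLIENT_VERIFY` explicitly, so the logic stays safe if the virtual host is ever changed from `SSLVerifyClient require` to one of the `optional` levels, and it refuses to log anyone in when the certificate field matches more than one patron.

```perl
use strict;
use warnings;

# AllowPKIAuth state -> mod_ssl variable and the patron field it is matched
# against. The patron field names are assumptions made for this example.
my %PKI_FIELD = (
    'Common Name'  => { env => 'SSL_CLIENT_S_DN_CN',    patron => 'userid' },
    'emailAddress' => { env => 'SSL_CLIENT_S_DN_Email', patron => 'email'  },
);

# Return the single patron matching the client certificate, or undef.
sub pki_login {
    my ( $mode, $env, $patrons ) = @_;
    my $map = $PKI_FIELD{ $mode // 'None' } or return;    # "None": PKI auth off

    # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or
    # FAILED:reason. Accept only a certificate that chained to the CA.
    return unless ( $env->{SSL_CLIENT_VERIFY} // '' ) eq 'SUCCESS';

    my $value = $env->{ $map->{env} };
    return unless defined $value && length $value;

    # Exact comparison; an ambiguous match (two patrons sharing an email)
    # must not log anyone in.
    my @hits = grep { ( $_->{ $map->{patron} } // '' ) eq $value } @$patrons;
    return @hits == 1 ? $hits[0] : undef;
}

# Constructed sample data: two patrons share an email address.
my @patrons = (
    { userid => 'rsmith', email => 'r.smith@example.org' },
    { userid => 'jdoe',   email => 'shared@example.org' },
    { userid => 'akhan',  email => 'shared@example.org' },
);

# Constructed environments, as +StdEnvVars would populate them.
my @cases = (
    [ 'Common Name',  { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_CN => 'rsmith' } ],
    [ 'Common Name',  { SSL_CLIENT_VERIFY => 'GENEROUS', SSL_CLIENT_S_DN_CN => 'rsmith' } ],
    [ 'emailAddress', { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_Email => 'shared@example.org' } ],
    [ 'None',         { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_CN => 'rsmith' } ],
);

for my $case (@cases) {
    my ( $mode, $env ) = @$case;
    my $patron = pki_login( $mode, $env, \@patrons );
    printf "%-12s verify=%-8s -> %s\n", $mode, $env->{SSL_CLIENT_VERIFY},
        $patron ? "logged in as $patron->{userid}" : 'fall back to normal login';
}
```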
