[Koha-bugs] [Bug 6296] Allow authentication to Koha via PKI / x.509 certificates
bugzilla-daemon at bugs.koha-community.org
Tue Jun 14 09:36:53 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296
--- Comment #1 from Robin Sheat <robin at catalyst.net.nz> 2011-06-14 07:36:53 UTC ---
Created attachment 4452
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4452
Bug 6296: allow users to be authenticated by SSL client certs

This adds a new syspref: AllowPKIAuth. It can have one of three states:
 * None
 * Common Name
 * emailAddress

If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.

The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.

This is an example of what might go in the Apache configuration for the
virtual host:

    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars

The last line ensures that the required details are passed to Koha.
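The matching described in the comment above, sketched as an added example (it is not the code from attachment 4452 and not Koha's own code). The environment variable names are the ones mod_ssl exports under SSLOptions +StdEnvVars; the pki_login helper, the patron field names and the sample patrons are constructed assumptions.

```perl
use strict;
use warnings;

# AllowPKIAuth state => mod_ssl variable and the patron field it is matched
# against. The patron field names 'userid' and 'email' are assumptions.
my %PKI_MAP = (
    'Common Name'  => { env => 'SSL_CLIENT_S_DN_CN',    field => 'userid' },
    'emailAddress' => { env => 'SSL_CLIENT_S_DN_Email', field => 'email'  },
);

# Returns the single matching patron, or undef to fall back to normal login.
sub pki_login {
    my ($pref, $env, $patrons) = @_;
    return unless defined $pref;
    my $map = $PKI_MAP{$pref} or return;    # "None" or an unknown value
    # Trust the DN fields only when mod_ssl reports a verified chain; this
    # still holds if the vhost is later relaxed to "SSLVerifyClient optional".
    return unless ($env->{SSL_CLIENT_VERIFY} // '') eq 'SUCCESS';
    my $value = $env->{ $map->{env} };
    return unless defined $value && length $value;
    my @hits = grep { defined $_->{ $map->{field} }
                      && $_->{ $map->{field} } eq $value } @$patrons;
    # Refuse ambiguous matches, e.g. an email address shared by two patrons.
    return @hits == 1 ? $hits[0] : undef;
}

# Constructed sample data: two patrons that share one email address.
my @patrons = (
    { userid => 'jsmith', email => 'shared@example.org' },
    { userid => 'akumar', email => 'shared@example.org' },
);
my %verified = (
    SSL_CLIENT_VERIFY     => 'SUCCESS',
    SSL_CLIENT_S_DN_CN    => 'jsmith',
    SSL_CLIENT_S_DN_Email => 'shared@example.org',
);
my %unverified = (%verified, SSL_CLIENT_VERIFY => 'NONE');

for my $case (
    [ 'Common Name',  \%verified ],      # unique userid match
    [ 'Common Name',  \%unverified ],    # certificate not verified
    [ 'emailAddress', \%verified ],      # two patrons share the address
    [ 'None',         \%verified ],      # syspref disables PKI login
) {
    my ($pref, $env) = @$case;
    my $p = pki_login($pref, $env, \@patrons);
    printf "%-13s verify=%-7s -> %s\n", $pref, $env->{SSL_CLIENT_VERIFY},
        $p ? "login as $p->{userid}" : 'no PKI login';
}
```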