[Koha-bugs] [Bug 6296] Allow authentication to Koha via PKI / x.509 certificates
bugzilla-daemon at bugs.koha-community.org
Thu Nov 24 03:39:23 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296
Robin Sheat <robin at catalyst.net.nz> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5971|0                           |1
        is obsolete|                            |
--- Comment #13 from Robin Sheat <robin at catalyst.net.nz> 2011-11-24 02:39:23 UTC ---
Created attachment 6386
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6386
Bug 6296: allow users to be authenticated by SSL client certs
This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress
If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.
The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.
This is an example of what might go in the Apache configuration for the
virtual host:
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
    SSLOptions +StdEnvVars
The last line ensures that the required details are passed to Koha.
Conflicts:
installer/data/mysql/sysprefs.sql
installer/data/mysql/updatedatabase.pl
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
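An added example, not code from the attached patch or from Koha: one way an application could turn the variables that "SSLOptions +StdEnvVars" exports into a login decision for each AllowPKIAuth state. The function name pki_login, the borrower records and the "email" column name are assumptions; SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN_CN and SSL_CLIENT_S_DN_Email are standard mod_ssl variables.

```perl
use strict;
use warnings;

# AllowPKIAuth state -> mod_ssl variable and borrower field to compare.
# 'userid' comes from the commit message; the 'email' column name is assumed.
my %FIELD_FOR = (
    'Common Name'  => { env => 'SSL_CLIENT_S_DN_CN',    column => 'userid' },
    'emailAddress' => { env => 'SSL_CLIENT_S_DN_Email', column => 'email'  },
);

# Returns the single matching borrower, or undef to fall back to normal login.
sub pki_login {
    my ($pref, $env, $borrowers) = @_;
    my $map = $FIELD_FOR{ $pref // 'None' } or return;   # "None": feature off
    # Trust subject fields only when Apache validated the chain. With
    # "SSLVerifyClient optional_no_ca" the value is GENEROUS, not SUCCESS.
    return unless ($env->{SSL_CLIENT_VERIFY} // '') eq 'SUCCESS';
    my $value = $env->{ $map->{env} };
    return unless defined $value && length $value;
    my $col  = $map->{column};
    my @hits = grep { defined $_->{$col} && $_->{$col} eq $value } @$borrowers;
    # An ambiguous match (e.g. a shared email address) logs nobody in.
    return @hits == 1 ? $hits[0] : undef;
}

# Constructed sample data standing in for the borrowers table and %ENV.
my @borrowers = (
    { borrowernumber => 1, userid => 'jsmith', email => 'jsmith@example.org' },
    { borrowernumber => 2, userid => 'akhan',  email => 'desk@example.org'   },
    { borrowernumber => 3, userid => 'mlee',   email => 'desk@example.org'   },
);
my @cases = (
    [ 'Common Name',  { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_CN    => 'jsmith' } ],
    [ 'Common Name',  { SSL_CLIENT_VERIFY => 'GENEROUS', SSL_CLIENT_S_DN_CN    => 'jsmith' } ],
    [ 'emailAddress', { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_Email => 'desk@example.org' } ],
    [ 'None',         { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_CN    => 'jsmith' } ],
);
for my $case (@cases) {
    my ($pref, $env) = @$case;
    my $hit = pki_login($pref, $env, \@borrowers);
    printf "%-12s verify=%-8s -> %s\n", $pref, $env->{SSL_CLIENT_VERIFY},
        $hit ? "borrower $hit->{borrowernumber}" : 'no PKI login';
}
```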