If you do not have the email you can use the registration_id and username fields. Most details are on the book: http://web2py.com/books/default/chapter/29/09/access-control
2015-03-11 14:08 GMT+01:00 Michele Comitini <michele.comit...@gmail.com>: > You can read any of the fields a certificate contains eventually. > see here for some ideas: https://code.google.com/p/simpatica/ > > It's a working PKI that allows to generate csr and sign them with a valid > signin certificate > > 2015-03-11 13:48 GMT+01:00 LoveWeb2py <atayloru...@gmail.com>: > >> Once authentication happens how can I make them members of groups. I >> notice now they don't have an entry in Auth user. Should I have them >> register first and once they're reigstered they can use PKI authentication? >> This is uncharted waters for me so I'm trying to figure out the best >> approach for it. >> >> On Wednesday, March 11, 2015 at 8:05:48 AM UTC-4, mcm wrote: >>> >>> I am glad someone is using x509 Auth, it is a very simple way to handle >>> user security, >>> >>> One important piece of the puzzle (with apache) is: >>> >>> SSLVerifyClient optional >>> >>> The optional allows one to accept any user on the website, while >>> having some web2py actions require a valid user certificate >>> just by adding the standard @auth.requires_login() >>> >>> ## Client Authentication (Type): >>> # Client certificate verification type and depth. Types are >>> none, optional, >>> # require and optional_no_ca. Depth is a number which specifies >>> how deeply >>> # to verify the certificate issuer chain before deciding the >>> certificate is >>> # not valid. >>> #SSLVerifyClient require >>> #SSLVerifyDepth 10 >>> >>> >>> 2015-03-11 12:27 GMT+01:00 LoveWeb2py <atayl...@gmail.com>: >>> >>>> Those are exactly the two I don't have so far from the list I saw in >>>> another post I have: >>>> >>>> SSL_CIPHER, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, SSL_CLIENT_VERIFY >>>> >>>> The following are not being passed (probably a problem with my ssl.conf: >>>> SSL_CLIENT_RAW_CERT, SSL_SESSION_ID, SSL_CLIENT_SERIAL >>>> >>>> Almost there! :) I'll post the fix when I find it >>>> >>>> >>>> On Tuesday, March 10, 2015 at 7:56:45 PM UTC-4, Niphlod wrote: >>>>> >>>>> debug it, debug it, debug it. >>>>> >>>>> AFAICS, x509_auth.py requires: >>>>> >>>>> ssl_client_raw_cert >>>>> optional ssl_client_serial >>>>> >>>>> On Wednesday, March 11, 2015 at 12:04:51 AM UTC+1, LoveWeb2py wrote: >>>>>> >>>>>> so I did {{=request.env}} and I can see the SSL DATA certificate in >>>>>> another app, but for some reason the app that requires the data isn't >>>>>> being >>>>>> passed. Going to keep troubleshooting that app because I really want to >>>>>> use >>>>>> the x509 authentication with web2py!! >>>>>> >>>>>> for some reason the x509 auth isn't working still. Going to keep >>>>>> pressing and will post a fix when I find it. Thank you so much for your >>>>>> help Niphlod. I hope this helps others in the future! >>>>>> >>>>>> >>>>>> >>>>>> On Tuesday, March 10, 2015 at 6:40:29 PM UTC-4, Niphlod wrote: >>>>>>> >>>>>>> what if you return somewhere this dict (takes the "SSL*" env >>>>>>> variables and prints it) >>>>>>> >>>>>>> def yourcode(): >>>>>>> ......... >>>>>>> debug_values = {} >>>>>>> for k, v in request.env.iteritems(): >>>>>>> if k.lower().startswith('ssl'): >>>>>>> debug_values[k] = v >>>>>>> ......... >>>>>>> return dict(........., debug_values=debug_values) >>>>>>> >>>>>>> just to see if those gets indeed passed along. >>>>>>> >>>>>>> -- >>>> Resources: >>>> - http://web2py.com >>>> - http://web2py.com/book (Documentation) >>>> - http://github.com/web2py/web2py (Source code) >>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "web2py-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to web2py+un...@googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
