4 Replies Latest reply on Jul 25, 2012 12:40 PM by Alexander Babichev

    Access to SSL Distinguished Name information in Rhoconnect Authenticate Method


      Hello again,


      I've got another newbie question around Rhoconnect authentication, and I'd appreciate input from anyone who can help!


      I'm looking to use a client SSL certificate (and a server certificate) to secure communication between Rhoconnect client and server.  To tell NGINX to check for a valid client certificate I can add the following lines to the nginx configuration....


      ssl_client_certificate /etc/nginx/certs/ca.crt;

      ssl_verify_client on;


      So far so good.  But what I want to do is make the distinguished name (dn) attribute from the certificate available to my authenticate method. Nginx makes this information available in a built-in variable.  I'm not sure how to get that passed to the Rhoconnect thin instance, and to my application.rb in particular.  I guess I could push it into the HTTP(s) header or something, but I'm not even really sure where/how to access that.


      I've managed to find an example for doing this for PHP invoked through fastcgi - but I've not been able to figure out how to translate this to ruby/Rhoconnect.  For php you'd do this (allegedly)...


         fastcgi_param  DN $ssl_client_s_dn;

         include        fastcgi_params;


      It strikes me as something that could be really useful to other enterprise users, so someone must be doing it.


      Many thanks