4 Replies Latest reply on Jul 25, 2012 12:40 PM by Alexander Babichev

    Access to SSL Distinguished Name information in Rhoconnect Authenticate Method

    25c49980-cb2e-4113-a5a7-2f0078c85330

      Hello again,

       

      I've got another newbie question around Rhoconnect authentication, and I'd appreciate input from anyone who can help!

       

      I'm looking to use a client SSL certificate (and a server certificate) to secure communication between Rhoconnect client and server.  To tell NGINX to check for a valid client certificate I can add the following lines to the nginx configuration....

       

      ssl_client_certificate /etc/nginx/certs/ca.crt;

      ssl_verify_client on;

       

      So far so good.  But what I want to do is make the distinguished name (dn) attribute from the certificate available to my authenticate method. Nginx makes this information available in a built-in variable.  I'm not sure how to get that passed to the Rhoconnect thin instance, and to my application.rb in particular.  I guess I could push it into the HTTP(s) header or something, but I'm not even really sure where/how to access that.

       

      I've managed to find an example for doing this for PHP invoked through fastcgi - but I've not been able to figure out how to translate this to ruby/Rhoconnect.  For php you'd do this (allegedly)...

       

         fastcgi_param  DN $ssl_client_s_dn;

         include        fastcgi_params;

       

      It strikes me as something that could be really useful to other enterprise users, so someone must be doing it.

       

      Many thanks

       

      John