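SSL authentication through Apache in Django

Time: 2014-08-01 12:55:08

Tags: django apache

I want to authenticate users using the information in an x509 certificate... Apache seems to verify it fine, but I don't get any REMOTE_USER content in Django. Not sure why.

Apache config: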

NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile    /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key

        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLCACertificateFile /etc/apache2/ssl/ca.cer


        SSLOptions +StdEnvVars +ExportCertData

        <Directory />
                Options FollowSymLinks
                AllowOverride None
                SSLOptions +StdEnvVars
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        WSGIDaemonProcess rmc_wsgi processes=2 threads=15 display-name=%{GROUP}
        WSGIScriptAlias /rmc /home/xxx/projects/rmc/rmc/wsgi.py
        <Location /rmc>
                WSGIProcessGroup rmc_wsgi
        </Location>


</VirtualHost>

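Middleware:

from django.contrib.auth.middleware import RemoteUserMiddleware

class CorrectRemoteUserMiddleware(RemoteUserMiddleware):
    header = "HTTP_REMOTE_USER"  # request.META key the middleware reads the username from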

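Backend:

import sys
from django.contrib.auth.backends import RemoteUserBackend

class RemoteUserBackendNoCreate(RemoteUserBackend):
    # True means unknown users are created on first login, despite the class name
    create_unknown_user = True

    def authenticate(self, remote_user):
        # Name the class explicitly; super(self.__class__, self) recurses forever in subclasses
        user = super(RemoteUserBackendNoCreate, self).authenticate(remote_user)
        # %s formatting: concatenating a User object (or None) to a str raises TypeError
        sys.stderr.write("AuthBackend: REMOTE_USER=%s AuthBackend: User=%s\n" % (remote_user, user))
        sys.stderr.write("in authenticate\n")
        return user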

settings.py:

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'webrecif.middleware.CorrectRemoteUserMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.RemoteUserMiddleware',

)

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.RemoteUserBackend',
    'webrecif.backends.RemoteUserBackendNoCreate',
)

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.static',
)

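1 answer:

Answer 0 (score: 3)

I think you want to add SSLUserName SSL_CLIENT_S_DN_CN to your Apache SSL conf; per http://httpd.apache.org/docs/2.2/mod/mod_ssl.html, this will set REMOTE_USER to the user's common name. (Depending on how many certificates you support, you may want to use the DN to guarantee uniqueness.) If your DN or CN exceeds the Django username string length, you may also need to add some modification.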
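The answer's last two points (using the DN for uniqueness, and a DN or CN longer than Django's username field) can be handled by a mapping like the one below. This is an added example, not code from the original post or from Django; the function name `cert_identity_to_username`, the 30-character default limit and the sample DNs are assumptions.

```python
import hashlib
import re

# Assumption: 30 was the username limit in Django releases of this era
# (newer releases allow 150); pass your user model's real max_length.
USERNAME_MAX = 30
# Anything outside Django's default username character set.
_DISALLOWED = re.compile(r"[^\w.@+-]+")


def cert_identity_to_username(identity, max_length=USERNAME_MAX, digest_len=12):
    """Map REMOTE_USER (a certificate CN or full subject DN) to a username.

    Values that already fit are returned unchanged. Anything else gets a
    readable prefix plus a SHA-256 suffix computed over the whole value,
    so long DNs that share a prefix still map to different accounts.
    """
    if not identity or not identity.strip():
        raise ValueError("empty certificate identity")
    identity = identity.strip()
    cleaned = _DISALLOWED.sub("_", identity).strip("_")
    if cleaned == identity and len(identity) <= max_length:
        return identity
    digest = hashlib.sha256(identity.encode("utf-8")).hexdigest()[:digest_len]
    prefix = cleaned[: max_length - digest_len - 1]
    return "%s-%s" % (prefix, digest)


# Wiring (needs Django, so shown as a comment): RemoteUserBackend calls
# clean_username() before it looks up or creates the user.
#
#   class CertBackend(RemoteUserBackend):
#       def clean_username(self, username):
#           return cert_identity_to_username(username)

if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    for sample in (
        "alice",
        "/C=US/O=Example Org/OU=Engineering/CN=Alice Example",
        "/C=US/O=Example Org/OU=Engineering/CN=Alice Exampleton",
    ):
        print("%-55s -> %s" % (sample, cert_identity_to_username(sample)))
```

Because the suffix is derived from the full REMOTE_USER value, the same certificate always maps to the same account, and a CN containing a space is not silently merged with a different CN that contains an underscore.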