[Catalyst-commits] r10308 - branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential

kmx at dev.catalyst.perl.org kmx at dev.catalyst.perl.org
Wed May 27 05:55:27 GMT 2009 

Author: kmx
Date: 2009-05-27 05:55:27 +0000 (Wed, 27 May 2009)
New Revision: 10308

Modified:
   branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm
Log:
branch Credential::Remote - support for SSL authentication via Microsoft IIS

Modified: branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm
===================================================================
--- branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm	2009-05-27 05:21:38 UTC (rev 10307)
+++ branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm	2009-05-27 05:55:27 UTC (rev 10308)
@@ -57,9 +57,10 @@
             $remuser = $c->req->user;
         }
     }    
-    elsif ($self->source =~ /^SSL_CLIENT_.*$/) {
-        # if user is authenticated via SSL certificate his distinguished name
-        # is available in e.g. SSL_CLIENT_S_DN (Apache+mod_ssl)
+    elsif ($self->source =~ /^(SSL_CLIENT_.*|CERT_*|AUTH_USER)$/) {
+        # if you are using 'exotic' webserver or if the user is 
+	# authenticated e.g via SSL certificate his name could be avaliable
+        # in different variables
         # BEWARE: $c->engine->env was broken prior 5.80005
         my $nam=$self->source;
         if (defined($c->engine->env)) {
@@ -199,13 +200,25 @@
 This config item is B<OPTIONAL> - default is REMOTE_USER.
 
 B<source> contains a name of a variable passed from webserver that contains the 
-user identification - supported values: REMOTE_USER, SSL_CLIENT_*
+user identification.
 
+Supported values: REMOTE_USER, SSL_CLIENT_*, CERT_*, AUTH_USER
+
+Note1: Apache + mod_ssl uses SSL_CLIENT_S_DN, SSL_CLIENT_S_DN_* etc. (has to be 
+enabled by 'SSLOption +StdEnvVars') or you can also let Apache make a copy of 
+this value into REMOTE_USER (Apache option 'SSLUserName SSL_CLIENT_S_DN'). 
+
+Note2: Microsoft IIS uses CERT_SUBJECT, CERT_SERIALNUMBER etc. for storing info
+about client authenticated via SSL certificate. AUTH_USER on IIS seems to have
+the same value as REMOTE_USER (but there might be some differences I am not
+aware of).
+
 =head2 deny_regexp
 
 This config item is B<OPTIONAL> - no default value.
 
-B<deny_regexp> contains a regular expression used for check against WEBUSER (details see below)
+B<deny_regexp> contains a regular expression used for check against WEBUSER 
+(see details below)
 
 =head2 allow_regexp

More information about the Catalyst-commits mailing list