
Configuration of the Apache web server for X.509-based authentication

  • Frontend HTTP Server Configuration

An HTTPS server is used for X.509 authentication. The user DN and a few other pieces of information are put into the headers of the HTTP request, and the request is then forwarded to a backend HTTP server. The Apache configuration file is attached: ssl.conf

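       <Directory /var/www/html/production_request>
        RewriteEngine on
        # Require TLS with a verified client certificate (chain depth up to 3)
        SSLRequireSSL
        SSLVerifyDepth 3
        SSLVerifyClient require
        SSLOptions +StdEnvVars +StrictRequire +CompatEnvVars +ExportCertData
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
        Options +FollowSymlinks
        # Copy the mod_ssl variables into request headers for the backend.
        # "set" replaces any value the client sent under the same header name.
        RequestHeader set SSL_CLIENT_CERT %{SSL_CLIENT_CERT}e
        RequestHeader set SSL_CLIENT_S_DN %{SSL_CLIENT_S_DN}e
        RequestHeader set SSL_CLIENT_VERIFY %{SSL_CLIENT_VERIFY}e
        RequestHeader set HTTPS %{HTTPS}e
        # Proxy the request to the backend HTTP server
        RewriteRule ^(.*) http://submit-3.t2.ucsd.edu/production_request/$1 [proxy]
       </Directory>
        # Rewrite debugging log (level 10 is very verbose)
        RewriteLog "/etc/httpd/logs/rewrite.log"
        RewriteLogLevel 10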

  • Backend HTTP Server Configuration

The backend works as a proxy and forwards the HTTP request from the frontend to the CherryPy application (on the port that CherryPy uses).

  • CherryPy Application

The CherryPy application checks the user against the databases, handles registration, starts the production ...
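
The headers set by the frontend are only as trustworthy as the path they arrive on, so the application should validate them before looking the user up. The following is an added example, not code from the original page or its CherryPy application; the function names, the proxy address and the sample DN are assumptions.

```python
import ipaddress

# Assumption: the proxy that connects to the application runs on the same host.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]

# Constructed sample of the headers the frontend configuration sets.
SAMPLE_HEADERS = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/DC=org/DC=example/CN=Test User",
    "HTTPS": "on",
}


class AuthError(Exception):
    """Raised when the forwarded certificate headers cannot be trusted."""


def forwarded_dn(headers, remote_addr, trusted=TRUSTED_PROXIES):
    """Return the client DN set by the frontend, or raise AuthError."""
    # Only the frontend runs SSLVerifyClient; any other peer that reaches
    # this port could send the same headers with values of its choosing.
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in trusted):
        raise AuthError("request did not come through the trusted proxy")

    # HTTP header names are case-insensitive.
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason.
    if h.get("ssl_client_verify") != "SUCCESS":
        raise AuthError("client certificate was not verified")
    if h.get("https", "").lower() != "on":
        raise AuthError("frontend connection was not HTTPS")

    # mod_headers writes the literal "(null)" when %{VAR}e is unset.
    dn = h.get("ssl_client_s_dn", "")
    if dn in ("", "(null)"):
        raise AuthError("no subject DN forwarded")
    return dn


def authorize(headers, remote_addr, registered_dns, trusted=TRUSTED_PROXIES):
    """True only if the forwarded DN is verified and registered."""
    try:
        return forwarded_dn(headers, remote_addr, trusted) in registered_dns
    except (AuthError, ValueError):
        return False
```

In a CherryPy handler the inputs would come from `cherrypy.request.headers` and `cherrypy.request.remote.ip`, with `registered_dns` loaded from the user database.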

-- HaifengPi - 02 Sep 2008

Topic revision: r1 - 2008/09/02 - 21:53:52 - HaifengPi
 