Class | CASServer::Authenticators::ClientCertificate |
In: |
lib/casserver/authenticators/client_certificate.rb
|
Parent: | CASServer::Authenticators::Base |
NOT YET IMPLEMENTED
This authenticator will authenticate the user based on a client SSL certificate.
You will probably want to use this along with another authenticator, chaining it so that if the client does not provide a certificate, the server can fall back to some other authentication mechanism.
Here‘s an example of how to use two chained authenticators in the config.yml file. The server will first use the ClientCertificate authenticator, and only fall back to the SQL authenticator of the first one fails:
authenticator:
- class: CASServer::Authenticators::ClientCertificate - class: CASServer::Authenticators::SQL database: adapter: mysql database: some_database_with_users_table user: root password: server: localhost user_table: user username_column: username password_column: password
# File lib/casserver/authenticators/client_certificate.rb, line 31 31: def validate(credentials) 32: read_standard_credentials(credentials) 33: 34: @client_cert = credentials[:request]['SSL_CLIENT_CERT'] 35: 36: # note that I haven't actually tested to see if SSL_CLIENT_CERT gets 37: # filled with data when a client cert is provided, but this should be 38: # the case at least in theory :) 39: 40: return false if @client_cert.blank? 41: 42: # IMPLEMENT SSL CERTIFICATE VALIDATION CODE HERE 43: raise NotImplementedError, "#{self.class.name}#validate NOT YET IMPLEMENTED!" 44: 45: return true # if SSL certificate is valid, false otherwise 46: end