SSL Authentication in Mongrel

I am working on project and I need to get the value stored in the
header
(SSL_CLIENT_S_DN_CN ). We have been doing PKI authentication for
sometime in PHP by getting the value of
$_SERVER[“SSL_CLIENT_S_DN_CN”] .
Now that I am trying some stuff in Rails I can’t seem to get
anywhere.
I try to do what you do above and I get a “Bad Request” when I have
SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able
to get up and running when I comment it out.

Here is my config:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache “shmcb:/var/run/ssl_scache(512000)”
SSLSessionCacheTimeout 28800
SSLMutex “file:/var/run/ssl_mutex”
<VirtualHost *:443>
<Proxy balancer://mongrel_cluster>
BalancerMember http://127.0.0.1:3000

General setup for the virtual host

ServerName luther.example.com
ServerAdmin [email protected]
ErrorLog “/var/log/httpd-error.log”
TransferLog “/var/log/httpd-access.log”
RequestHeader set X_FORWARDED_PROTO ‘https’
SSLUserName SSL_CLIENT_S_DN_CN
ProxyPass / balancer://mongrel_cluster/
ProxyPassReverse / balancer://mongrel_cluster/
ProxyPreserveHost ON
#Rewrite the REMOTE_USER env variable into the request header
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile “/usr/local/etc/apache22/ssl/luther.crt”
SSLCertificateKeyFile “/usr/local/etc/apache22/ssl/privkey.pem”
SSLCertificateChainFile “/usr/local/etc/apache22/ssl/chain.crt”
SSLCACertificatePath “/usr/local/etc/apache22/ssl.crt”
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData

And in an controller I am just doing:

<%= request.env['SSL_CLIENT_S_DN_CN'] %>

also tried <%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %>

All I get is blank.

Any advice would be MUCH appreciated

On Thu, Mar 13, 2008 at 9:18 AM, Ben M. [email protected]
wrote:

I am working on project and I need to get the value stored in the
header
(SSL_CLIENT_S_DN_CN ). We have been doing PKI authentication for
sometime in PHP by getting the value of

All I get is blank.

Any advice would be MUCH appreciated

As a “quick and nasty, see what the hell is happening” thing, I would
put the following in your view:

<%= session.to_yaml -%>

That way you can see what the session actually contains and debug from
there.

Mikel

Fantastic! … I did that and was able to see that I was calling it
wrong!

I was <%= request.env[‘HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN’] %>

and all I needed was <%=
request.env[‘HTTP_X_FORWARDED_SSL_CLIENT_S_DN_CN’] %>

This is great news thanks for all your help.

On Sun, Mar 16, 2008 at 2:32 AM, Ben M. [email protected]
wrote:

Fantastic! … I did that and was able to see that I was calling it
wrong!

Good! :slight_smile:

That is a bit of a hackish way to do it though (putting it in the
view). A better solution is making an around filter and then
requesting it.

Like here:

http://www.lindsaar.net/2008/3/17/debugging-the-rails-session-store

Mikel
http://lindsaar.net/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs