You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2023-11-23 11:54:44
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Authentication with X.509 certificate
Good morning everyone,
I would like to understand how to set up and activate authentication with the x.509 certificate.
I can't find any information anywhere.
can you help me
Thank you
Offline
#2 2023-11-23 16:33:00
- cconard96
- Moderator
- Registered: 2018-07-31
- Posts: 2,813
- Website
Re: Authentication with X.509 certificate
x509 certificate authentication with GLPI should be no different than a typical Apache x509 authentication setup (there should be guides online for your platform for this). The only GLPI-specific thing in in Setup > Authentication > Other authentication methods in the x509 section where you can specify the attribute name that corresponds to the email address and add restrictions for who can authenticate.
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
#3 2023-11-24 10:55:55
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Re: Authentication with X.509 certificate
Thanks for the reply, can you give me some further information, I have never done this type of authentication.
So will I have a certificate for each user who needs to log in?
Thank you
Last edited by neorevolution (2023-11-24 10:57:11)
Offline
#4 2023-11-24 15:54:35
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Re: Authentication with X.509 certificate
How should these parameters be configured?
Authentication with X.509 certificate
Email attribute for X.509 authentication
Restrict OU field for X.509 authentication ($ separator)
Restrict CN field for X.509 authentication ($ separator)
Restrict O field for X.509 authentication ($ separator)
Thank you
Offline
#5 2023-11-28 11:54:14
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Re: Authentication with X.509 certificate
Good morning,
I set Apache2 for authentication via certificate, and it actually lets me enter glpi but asks me to log in anyway, what am I doing wrong?
Offline
#6 2023-11-28 18:50:44
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Re: Authentication with X.509 certificate
in the Email attribute for X.509 authentication field I entered both E and emailAdress, but it doesn't log me in.
I entered in CustomLog /var/log/apache2/ssl_access.log "%h %l %{SSL_CLIENT_S_DN_Email}x %t \"%r\" %>s %b \"%{Referer}i\" \"%{ User-agent}i\""
the email that is passed is correct.
can you help me
Thank you
Offline
#7 2023-11-28 20:17:45
- cconard96
- Moderator
- Registered: 2018-07-31
- Posts: 2,813
- Website
Re: Authentication with X.509 certificate
Sorry, I really don't know. I don't have anything set up to test this myself. What are your users using to authenticate? Smart cards? Something distributed through Active Directory/Group Policy?
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
#8 2023-11-29 10:20:16
- neorevolution
- Member
- Registered: 2023-11-23
- Posts: 7
Re: Authentication with X.509 certificate
Thanks, they use an x509 certificate set in the browser.
Offline
Pages: 1