Class: CASServer::Authenticators::ClientCertificate

Inherits:
Base
  • Object
show all
Defined in:
lib/casserver/authenticators/client_certificate.rb

Overview

NOT YET IMPLEMENTED

This authenticator will authenticate the user based on a client SSL certificate.

You will probably want to use this along with another authenticator, chaining it so that if the client does not provide a certificate, the server can fall back to some other authentication mechanism.

Here’s an example of how to use two chained authenticators in the config.yml file. The server will first use the ClientCertificate authenticator, and only fall back to the SQL authenticator of the first one fails:

authenticator:

-
  class: CASServer::Authenticators::ClientCertificate
-
  class: CASServer::Authenticators::SQL
  database:
    adapter: mysql
    database: some_database_with_users_table
    user: root
    password:
    server: localhost
  user_table: user
  username_column: username
  password_column: password

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Instance Method Summary collapse

Methods inherited from Base

#configure, #extra_attributes

Instance Method Details

#validate(credentials) ⇒ Object



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# File 'lib/casserver/authenticators/client_certificate.rb', line 31

def validate(credentials)
  read_standard_credentials(credentials)

  @client_cert = credentials[:request]['SSL_CLIENT_CERT']

  # note that I haven't actually tested to see if SSL_CLIENT_CERT gets
  # filled with data when a client cert is provided, but this should be
  # the case at least in theory :)

  return false if @client_cert.blank?

  # IMPLEMENT SSL CERTIFICATE VALIDATION CODE HERE

  return true # if SSL certificate is valid, false otherwise
end