Add support for client certificate authentication.
|Assigned To:||Robert Frank|
|Target version:||Foreman - Team Marek backlog|
|Found in release:||Pull request:||https://github.com/theforeman/hammer-cli-foreman/pull/291, https://github.com/theforeman/hammer-cli/pull/230|
|Velocity based estimate||-|
We make heavy use of certificate authentication and I've set up a foreman server to only allow certificate authentication. Unfortunately the cli only allows basic user authentication and therefore can't be used to change foreman settings on the command line.
#4 Updated by Robert Frank 5 months ago
I've had a go at implementing it a while back in case anyone is interested:
It requires the changes in
for it to work (or the *_b branches).
I'm not sure whether it's still working at all though.
#5 Updated by Tomáš Strachota 5 months ago
Nice! There were some changes in apipie-bindings and hammer and authentication very recently. That unfortunately means you will need to backport your patch. On the other hand it should make it easier to implement. I think you can leave off the hammer-cli part now.
It should be just matter of implementing another authenticator, like here:
and then modifying the foreman api connection:
#6 Updated by Robert Frank 5 months ago
Unfortunately, you can't use those authenticators to implement SSL authentication because SSL is set up before they are called. The authenticators only have access to the http request object (
Net::HTTP::Get) and not the actual http object (
Net::HTTP) which would be required to modify any SSL options (see
transmit method in RestClient's request.rb).
Currently, you have to pass the SSL options to the apipie-bindings API using its options hash which is not supported by the current hammer-cli implementation.
#8 Updated by Robert Frank 4 months ago
I've had a go at adding the ssl options to hammer-cli itself and it works for me: