Actions
Bug #26634
closed
Smart proxy auth concern doesn't handle reverse proxy setup when the cert is (null)
Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
-
Description
The Foreman::Controller::SmartProxyAuth attempts to use smart proxy certificate authentication by looking for client certificates. It does so by looking at the ssl_client_cert_env setting. In a reverse proxy setup (Apache from EL7) with a standalone Foreman process (using Puma) I set the following in /etc/foreman/settings.yaml:
# Configure reverse proxy headers :ssl_client_dn_env: HTTP_SSL_CLIENT_S_DN :ssl_client_verify_env: HTTP_SSL_CLIENT_VERIFY :ssl_client_cert_env: HTTP_SSL_CLIENT_CERT
When you navigate to a page with a browser that doesn't present any certificates but is authenticated, the result is that request.env[Setting[:ssl_client_cert_env]] returns (none). The code then attempts to parse this as a certificate which obviously fails.
Updated by The Foreman Bot about 5 years ago
- Status changed from New to Ready For Testing
- Assignee set to Ewoud Kohl van Wijngaarden
- Pull request https://github.com/theforeman/foreman/pull/6691 added
Updated by Ewoud Kohl van Wijngaarden about 5 years ago
- Subject changed from Smart proxy auth concern doesn't handle reverse proxy setup when the cert is (none) to Smart proxy auth concern doesn't handle reverse proxy setup when the cert is (null)
Updated by
Updated by Ewoud Kohl van Wijngaarden about 5 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset fa571deb45e7f9a4a438c83585a3bfbfcfeec58b.
Actions