Please describe the issue you're having
If you accept the answer, please mark the topic as [SOLVED] by clicking the tick.

Moderators: RussH, cptr13

Forum rules: Just please remember to play nicely once you walk through the door. You can disagree with us, or any other commenters in this forum, but respect our space and keep your comments directed to the topic at hand.
#3749
I wanted to restrict access to OpenCATS using client certificates, and also find a way to associate a given client certificate to a user account. This is particularly interesting since it allows a user to log into the system without typing or entering any username/password combination. Login credentials are taken from the certificate itself.

The process is as follows:

1) Apache/NGINX requests a certificate from the client "optionally" and user sends certificate installed in the browser
2) If Apache/NGINX verifies the validity of the certificate, user is taken to OpenCATS login screen.
3) User can either log in with username/password, or click on a third button called "Log In With Certificate" and as soon as this button is clicked, the user is automatically logged in and the home dashboard screen appears.
4) In order for this to work a user account should have been created prior with some data fields from the cert.
5) If the client submitted no certificate, then only username/passsword login will be availble.

I was wondering if this might be of any interest to the project leaders, and if so, who should I send code modifications to?

Thanks!
#3778
Hi Scott,

definitely interesting, however I'd probably add this into the 'optional updates' subdirectory as I'd expect anyone with this type of requirement to use LDAP / SSO for similar results?

I don't believe we even have many deployments with LDAP configured.

For these types of buggs I usually get help from g[…]

I was also looking for this thread. Finally landed[…]

opencats Installation

Hostinger offers good performance with low-cost […]

You may consider refining your search criteria by […]