Implemented New Feature in OpenCATS

Please describe the issue you're having
If you accept the answer, please mark the topic as [SOLVED] by clicking the tick.

Moderators: RussH, cptr13

Forum rules
Just please remember to play nicely once you walk through the door. You can disagree with us, or any other commenters in this forum, but respect our space and keep your comments directed to the topic at hand.
Post Reply
Posts: 13
Joined: 26 Aug 2011, 15:59
what is two(2) plus three(3) ?: 5

Implemented New Feature in OpenCATS

Post by scott1981 » 02 Jul 2018, 22:30

I wanted to restrict access to OpenCATS using client certificates, and also find a way to associate a given client certificate to a user account. This is particularly interesting since it allows a user to log into the system without typing or entering any username/password combination. Login credentials are taken from the certificate itself.

The process is as follows:

1) Apache/NGINX requests a certificate from the client "optionally" and user sends certificate installed in the browser
2) If Apache/NGINX verifies the validity of the certificate, user is taken to OpenCATS login screen.
3) User can either log in with username/password, or click on a third button called "Log In With Certificate" and as soon as this button is clicked, the user is automatically logged in and the home dashboard screen appears.
4) In order for this to work a user account should have been created prior with some data fields from the cert.
5) If the client submitted no certificate, then only username/passsword login will be availble.

I was wondering if this might be of any interest to the project leaders, and if so, who should I send code modifications to?


User avatar
Site Admin
Posts: 824
Joined: 12 Apr 2008, 08:28
what is two(2) plus three(3) ?: 5
Location: UK

Re: Implemented New Feature in OpenCATS

Post by RussH » 08 Aug 2018, 17:02

Hi Scott,

definitely interesting, however I'd probably add this into the 'optional updates' subdirectory as I'd expect anyone with this type of requirement to use LDAP / SSO for similar results?

I don't believe we even have many deployments with LDAP configured.

Report your issues and feature requests;

Please CLICK THE TICK to accept the answer!

Post Reply