Implemented New Feature in OpenCATS

Posted: 02 Jul 2018, 22:30
by scott1981
I wanted to restrict access to OpenCATS using client certificates, and also find a way to associate a given client certificate to a user account. This is particularly interesting since it allows a user to log into the system without typing or entering any username/password combination. Login credentials are taken from the certificate itself.

The process is as follows:

1) Apache/NGINX requests a certificate from the client "optionally" and the user sends the certificate installed in the browser.
2) If Apache/NGINX verifies the validity of the certificate, user is taken to OpenCATS login screen.
3) User can either log in with username/password, or click on a third button called "Log In With Certificate" and as soon as this button is clicked, the user is automatically logged in and the home dashboard screen appears.
4) In order for this to work a user account should have been created prior with some data fields from the cert.
5) If the client submitted no certificate, then only username/password login will be available.

I was wondering if this might be of any interest to the project leaders, and if so, who should I send code modifications to?

Thanks!
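
The certificate-to-account check from steps 1 to 5 above, sketched as an added example; it is not the poster's code and not part of OpenCATS. It assumes the web server exports mod_ssl's standard `SSL_CLIENT_*` variables (Apache `SSLOptions +StdEnvVars`, or equivalent `fastcgi_param` lines on NGINX); the function name, the binding table and the choice of issuer DN plus serial as the binding key are hypothetical.

```php
<?php
// Added example, not OpenCATS code. resolveCertificateLogin() and the
// $certBindings layout are hypothetical names chosen for illustration.

/**
 * Return the account bound to the verified client certificate, or null
 * when only the username/password form should be offered.
 */
function resolveCertificateLogin(array $server, array $certBindings): ?string
{
    // With "optional" client auth the request can arrive without a valid
    // certificate, so trust nothing unless the TLS layer reports SUCCESS.
    // "NONE" means no certificate was sent, "FAILED:..." means it was rejected.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $issuer = trim($server['SSL_CLIENT_I_DN'] ?? '');
    $serial = strtoupper(trim($server['SSL_CLIENT_M_SERIAL'] ?? ''));
    if ($issuer === '' || !preg_match('/^[0-9A-F]+$/', $serial)) {
        return null;
    }
    // Assumption: accounts are bound to issuer DN + serial, which identifies
    // one certificate, rather than to a CN that any reissued cert could repeat.
    $key = hash('sha256', $issuer . "\n" . $serial);
    return $certBindings[$key] ?? null;
}

// Constructed sample data: one account pre-registered with its certificate.
$issuerDn = 'CN=Example Internal CA,O=Example';
$bindings = [hash('sha256', $issuerDn . "\n" . '0A1B2C') => 'jsmith'];

$cases = [
    'verified, bound'   => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
                            'SSL_CLIENT_I_DN' => $issuerDn,
                            'SSL_CLIENT_M_SERIAL' => '0a1b2c'],
    'verified, unbound' => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
                            'SSL_CLIENT_I_DN' => $issuerDn,
                            'SSL_CLIENT_M_SERIAL' => 'FFEE01'],
    'no certificate'    => ['SSL_CLIENT_VERIFY' => 'NONE'],
    'failed validation' => ['SSL_CLIENT_VERIFY' => 'FAILED:certificate has expired',
                            'SSL_CLIENT_I_DN' => $issuerDn,
                            'SSL_CLIENT_M_SERIAL' => '0A1B2C'],
];
foreach ($cases as $label => $server) {
    $user = resolveCertificateLogin($server, $bindings);
    printf("%-18s => %s\n", $label, $user ?? 'password form only');
}
```

The values must come from variables set by the TLS-terminating server itself; if a reverse proxy forwards them as HTTP headers, the proxy has to strip any client-supplied copies first.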

Re: Implemented New Feature in OpenCATS

Posted: 08 Aug 2018, 17:02
by RussH
Hi Scott,

Definitely interesting, however I'd probably add this into the 'optional updates' subdirectory as I'd expect anyone with this type of requirement to use LDAP / SSO for similar results?

I don't believe we even have many deployments with LDAP configured.