New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about Using an extension: Asked

X509UserPlugin does not generate a valid LoginName


I've just made a fresh installation of foswiki 1.0.9 on ubuntu server 10.04, from the debian repository.

X509 and SSL is working fine in my apache installation, but I haven't yet managed to get the X509UserPlugin to succesfully register a user. I've altered my System/UserRegistration page, and the fields there are filled in correctly, but after pressing submit there is an error, because the LoginName generated by the plugin is not valid - it's the DN from the certificate, which contains a bunch of characters that are not allowed by the default {LoginNameFilterIn} configuration. Should I just alter that filter to allow a DN to be used as a login name? Feels dangerous.

N.B. there are a few minor tweaks required to get the plugin to run at all, I'll collate those once I have everything working!

Any advice about which direction I should take to get things working?

Solution: Patch the X509 files in the following way:
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Plugins/ foswikibackup/lib/Foswiki/Plugins/
--- /var/lib/foswiki/lib/Foswiki/Plugins/    2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Plugins/    2010-07-21 12:12:20.000000000 +0000
@@ -214,7 +214,7 @@
     my $regtopic = $Foswiki::cfg{Plugins}{X509UserPlugin}{RegistrationTopic} || 'UserRegistration';
     my $regweb = $Foswiki::cfg{UsersWebName};
     unless( Foswiki::Func::topicExists($regweb, $regtopic ) ){
-    $regweb = ::cfg{SystemWebName};
+    $regweb = $Foswiki::cfg{SystemWebName};
     unless( $debug || ( $theTopic eq $regtopic && $theWeb eq $regweb )
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Users/ foswikibackup/lib/Foswiki/Users/
--- /var/lib/foswiki/lib/Foswiki/Users/    2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Users/    2010-07-21 12:10:37.000000000 +0000
@@ -86,7 +86,7 @@
     # But some of the Foswiki infrastructure checks for this before calling us.
     if (!$Foswiki::cfg{Register}{AllowLoginName}) {
-        $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
+#        $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
         $Foswiki::cfg{Register}{AllowLoginName} = 1;
That's just a fudge to avoid a couple of problems that stopped those bits from working.

Then in addition to changing the Login Manager etc. as per the plugin's documentation, you need to change your /etc/foswiki/LocalSite.cfg so that the names generated by the X509 plugin are accepted as login names:

$Foswiki::cfg{LoginNameFilterIn} = '^[^\\*?~^\\$%`"\'&;|<>\\x00-\\x1f]+$';

Now it should work. Anybody can confirm or deny?

QuestionForm edit

Subject Using an extension
Extension X509UserPlugin
Version Foswiki 1.0.9
Status Asked
Related Topics
Topic revision: r4 - 19 Jan 2012, CrawfordCurrie - This page was cached on 18 Jun 2018 - 13:06.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy