This question about Using an extension: Asked

X509UserPlugin does not generate a valid LoginName

Hi,

I've just made a fresh installation of foswiki 1.0.9 on ubuntu server 10.04, from the debian repository.

X509 and SSL is working fine in my apache installation, but I haven't yet managed to get the X509UserPlugin to succesfully register a user. I've altered my System/UserRegistration page, and the fields there are filled in correctly, but after pressing submit there is an error, because the LoginName generated by the plugin is not valid - it's the DN from the certificate, which contains a bunch of characters that are not allowed by the default {LoginNameFilterIn} configuration. Should I just alter that filter to allow a DN to be used as a login name? Feels dangerous.

N.B. there are a few minor tweaks required to get the plugin to run at all, I'll collate those once I have everything working!

Any advice about which direction I should take to get things working?

Solution: Patch the X509 files in the following way:
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Plugins/X509UserPlugin.pm foswikibackup/lib/Foswiki/Plugins/X509UserPlugin.pm
--- /var/lib/foswiki/lib/Foswiki/Plugins/X509UserPlugin.pm    2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Plugins/X509UserPlugin.pm    2010-07-21 12:12:20.000000000 +0000
@@ -214,7 +214,7 @@
     my $regtopic = $Foswiki::cfg{Plugins}{X509UserPlugin}{RegistrationTopic} || 'UserRegistration';
     my $regweb = $Foswiki::cfg{UsersWebName};
     unless( Foswiki::Func::topicExists($regweb, $regtopic ) ){
-    $regweb = ::cfg{SystemWebName};
+    $regweb = $Foswiki::cfg{SystemWebName};
     }
 
     unless( $debug || ( $theTopic eq $regtopic && $theWeb eq $regweb )
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Users/X509UserMapping.pm foswikibackup/lib/Foswiki/Users/X509UserMapping.pm
--- /var/lib/foswiki/lib/Foswiki/Users/X509UserMapping.pm    2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Users/X509UserMapping.pm    2010-07-21 12:10:37.000000000 +0000
@@ -86,7 +86,7 @@
     # But some of the Foswiki infrastructure checks for this before calling us.
 
     if (!$Foswiki::cfg{Register}{AllowLoginName}) {
-        $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
+#        $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
         $Foswiki::cfg{Register}{AllowLoginName} = 1;
     }
 
That's just a fudge to avoid a couple of problems that stopped those bits from working.

Then in addition to changing the Login Manager etc. as per the plugin's documentation, you need to change your /etc/foswiki/LocalSite.cfg so that the names generated by the X509 plugin are accepted as login names:

$Foswiki::cfg{LoginNameFilterIn} = '^[^\\*?~^\\$%`"\'&;|<>\\x00-\\x1f]+$';

Now it should work. Anybody can confirm or deny?

QuestionForm edit

Subject Using an extension
Extension X509UserPlugin
Version Foswiki 1.0.9
Status Asked
Related Topics
Topic revision: r4 - 19 Jan 2012, CrawfordCurrie - This page was cached on 09 Jan 2018 - 11:35.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License