MISP/app/Plugin/CertAuth
Guilherme Capilé d2eaccec31 removed session handling from plugin and moved to AppController 2015-04-28 11:25:13 -03:00
Controller/Component/Auth removed session handling from plugin and moved to AppController 2015-04-28 11:25:13 -03:00
README.md removed session handling from plugin and moved to AppController 2015-04-28 11:25:13 -03:00

README.md

# Client SSL Certificate Authentication for CakePHP

This plugin enables CakePHP applications to authenticate their users statelessly with client SSL certificates. It reads information from the client certificate and can synchronize data with an external REST API and the client User model.

In essence, it loads the `SSL_CLIENT_*` variables, then parses the certificate information and maps it to the user. You therefore first need a server that checks client certificates and forwards that information to the PHP `$_SERVER` environment.

## Usage

Enable the plugin in `bootstrap.php`:

```php
CakePlugin::load('CertAuth');
```

And configure it:

```php
Configure::write('CertAuth',
  array(
    'ca'            => array( 'FIRST.Org' ), // allowed CAs
    'caId'          => 'O',          // which attribute will be used to verify the CA
    'userModel'     => 'User',       // name of the User class to check if user exists
    'userModelKey'  => 'nids_sid',   // User field that will be used for querying
    'map'           => array(        // maps client certificate attributes to User properties
      'O'            => 'org',
      'emailAddress' => 'email',
    ),
    'syncUser'      => true,         // should the User be synchronized with an external REST API
    'restApi'       => array(        // API parameters
      'url'         => 'https://example.com/data/users',  // URL to query
      'headers'     => array(),                           // additional headers, used for authentication
      'param'       => array( 'email' => 'email'),        // query parameters to add to the URL, mapped to User properties
      'map'         => array(                             // maps REST result to the User properties
        'uid'       => 'id',
        'name'      => 'name',
        'company'   => 'org',
        'email'     => 'email',
      ),
    ),
  )
);
```
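The following is an added example, not the plugin's own code: a sketch of the check-and-map step described above, using the `ca`, `caId` and `map` settings. It assumes the web server exports Apache mod_ssl style variables (`SSL_CLIENT_VERIFY`, `SSL_CLIENT_I_DN`, `SSL_CLIENT_S_DN`) and that `caId` refers to the issuer DN; `parseDn()` and `certToUser()` are hypothetical names.

```php
<?php
// Hypothetical helper (added example): split a DN into attribute => value.
// Accepts "/C=US/O=Org/CN=x" and "CN=x,O=Org,C=US". Simplified: escaped
// separators are not handled and a repeated attribute keeps its last value.
function parseDn($dn)
{
    $sep = (strpos($dn, '/') === 0) ? '/' : ',';
    $attrs = array();
    foreach (explode($sep, $dn) as $part) {
        $kv = explode('=', trim($part), 2);
        if (count($kv) === 2 && $kv[0] !== '') {
            $attrs[trim($kv[0])] = trim($kv[1]);
        }
    }
    return $attrs;
}

// Returns the mapped User fields, or null when the request must be rejected.
function certToUser(array $server, array $cfg)
{
    // Fail closed unless the web server reports a verified certificate.
    $verified = isset($server['SSL_CLIENT_VERIFY']) && $server['SSL_CLIENT_VERIFY'] === 'SUCCESS';
    if (!$verified || empty($server['SSL_CLIENT_S_DN']) || empty($server['SSL_CLIENT_I_DN'])) {
        return null;
    }
    // Assumption: 'caId' names an attribute of the issuer DN.
    $issuer = parseDn($server['SSL_CLIENT_I_DN']);
    if (!isset($issuer[$cfg['caId']]) || !in_array($issuer[$cfg['caId']], $cfg['ca'], true)) {
        return null;
    }
    $subject = parseDn($server['SSL_CLIENT_S_DN']);
    $user = array();
    foreach ($cfg['map'] as $certAttr => $userField) {
        if (isset($subject[$certAttr])) {
            $user[$userField] = $subject[$certAttr];
        }
    }
    return $user ? $user : null;
}

// Constructed sample input, shaped like mod_ssl's exported variables.
$cfg = array('ca' => array('FIRST.Org'), 'caId' => 'O', 'map' => array('O' => 'org', 'emailAddress' => 'email'));
$server = array(
    'SSL_CLIENT_VERIFY' => 'SUCCESS',
    'SSL_CLIENT_I_DN'   => 'CN=Example CA,O=FIRST.Org,C=US',
    'SSL_CLIENT_S_DN'   => 'emailAddress=analyst@example.org,CN=Analyst,O=Example Org,C=US',
);
var_dump(certToUser($server, $cfg));                                        // verified, allowed issuer
var_dump(certToUser(array('SSL_CLIENT_VERIFY' => 'NONE') + $server, $cfg)); // no verified certificate
```

The issuer attribute match only has meaning when the TLS-terminating server itself sets these variables and restricts which CAs it trusts. If a reverse proxy forwards them as headers, it must strip any client-supplied copies first.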