Closed
Description
For example, from version 1.11.6 of nginx (http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables), the default format of the "distinguished name" uses RFC 2253 (https://tools.ietf.org/html/rfc2253).
k8s nginx ingress uses it as well.
Example
nginx:
```
$ssl_client_s_dn => emailAddress=developer@example.com,CN=symfony.com
$ssl_client_s_dn_legacy => /emailAddress=developer@example.com/CN=symfony.com
```
The condition must be modified (add regex):
```php
namespace Symfony\Component\Security\Http\Firewall;

// ...

class X509AuthenticationListener extends AbstractPreAuthenticatedListener
{
    // ...

    /**
     * {@inheritdoc}
     */
    protected function getPreAuthenticatedData(Request $request)
    {
        $user = null;
        if ($request->server->has($this->userKey)) {
            $user = $request->server->get($this->userKey);
        } elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
            $user = $matches[1];
        }

        if (null === $user) {
            throw new BadCredentialsException(sprintf('SSL credentials not found: %s, %s', $this->userKey, $this->credentialKey));
        }

        return [$user, $request->server->get($this->credentialKey, '')];
    }
}
```
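Added example, not part of the original issue and not Symfony's code: one way to extract `emailAddress` from both DN formats quoted above, with the captured value bounded at the next separator so it cannot absorb the attributes that follow. The helper name `extractEmailFromDn()` is hypothetical, and the pattern assumes the value contains no escaped `,` or `/`.

```php
<?php
// Added example; extractEmailFromDn() is a hypothetical helper, not a Symfony API.

/**
 * Returns the emailAddress attribute of a subject DN given either in the
 * legacy slash-separated form or in the RFC 2253 comma-separated form,
 * or null when the attribute is absent.
 */
function extractEmailFromDn(string $dn): ?string
{
    // (?:^|[/,])  the attribute name must start the string or follow a separator,
    //             so "emailAddress=" embedded mid-value is not picked up.
    // [^,/@]+@    local part: stops at the first "@", never crosses a separator.
    // [^,/]+      domain: stops at the next "," or "/" instead of running greedily.
    // Assumption: the value holds no escaped "," or "/" (RFC 2253 allows "\,").
    if (preg_match('#(?:^|[/,])emailAddress=([^,/@]+@[^,/]+)#', $dn, $m)) {
        return $m[1];
    }

    return null;
}

// Constructed sample values, modelled on the two nginx variables in the issue.
$samples = [
    'emailAddress=developer@example.com,CN=symfony.com',  // $ssl_client_s_dn
    '/emailAddress=developer@example.com/CN=symfony.com', // $ssl_client_s_dn_legacy
    'CN=symfony.com,emailAddress=developer@example.com',  // attribute in last position
    'CN=symfony.com',                                     // no emailAddress at all
];

foreach ($samples as $dn) {
    // Pattern currently used by the listener, shown for comparison.
    $current = preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $dn, $m) ? $m[1] : null;

    printf(
        "%s\n  current pattern: %s\n  bounded pattern: %s\n",
        $dn,
        var_export($current, true),
        var_export(extractEmailFromDn($dn), true)
    );
}
```

Running it prints, for each sample DN, what the listener's current pattern captures next to what the bounded pattern captures.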