[Moin-user] Question of auto create user profile via SSL client certification authentication

jwhuang jwhuang at twgrid.org
Tue Nov 3 10:40:45 EST 2009

Dear All,

I met some problems with Moin configuration about SSL authentication.
I have self-signed certificates for my wiki server and users.
Now I would like to use certificates to do authentication. Here is my
reference: http://moinmo.in/HelpOnAuthentication
As the section "SSL client certification authentication" said, I can use
"autocreate" parameter to create user profile automatically once users pass
SSL check.
But it does not work in my wiki server. Could you help me to check my
configuration if something wrong? Thanks a lot.

Add two lines at wikiconfig.py:
    from MoinMoin.auth.sslclientcert import SSLClientCertAuth
    auth = [SSLClientCertAuth(autocreate=['True'])]

At http.conf, I did the following configuration:
    Alias /moin_static184/ "/var/www/mywiki/htdocs/"
    WSGIScriptAlias /mywiki /var/www/mywiki/moin.wsgi
    WSGIDaemonProcess mywiki user=apache group=apache processes=5 threads=10
maximum-requests=1000 umask=0007
    WSGIProcessGroup mywiki
    WSGIPassAuthorization On

    <Location /mywiki>
        SetHandler python-program
        # Add the path of your wiki directory
        PythonPath "['/var/www/mywiki',
'/usr/local/lib/python2.4/site-packages'] + sys.path"
        PythonHandler MoinMoin.request.request_modpython::Request.run
        SSLVerifyClient require
        SSLUserName SSL_CLIENT_S_DN
        SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
                 and %{SSL_CLIENT_S_DN_OU} in {"GRID"})

I can access my wiki page with security http and see my DN shown in the
ssl_sccess.log. But the user profile can not be created automatically.
Any idea about this? Thanks a lot.

All the Best.
Jhen-Wei Huang

Tel:  +886-2-2789-8311
Fax: +886-2-2783-7653
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20091103/0ddd07d5/attachment.html>

More information about the Moin-user mailing list