This question about Using an extension: Asked
X509UserPlugin does not generate a valid LoginName
Hi,
I've just made a fresh installation of foswiki 1.0.9 on ubuntu server 10.04, from the debian repository.
X509 and SSL is working fine in my apache installation, but I haven't yet managed to get the
X509UserPlugin to succesfully register a user. I've altered my System/UserRegistration page, and the fields there are filled in correctly, but after pressing submit there is an error, because the
LoginName generated by the plugin is not valid - it's the DN from the certificate, which contains a bunch of characters that are not allowed by the default {LoginNameFilterIn} configuration. Should I just alter that filter to allow a DN to be used as a login name? Feels dangerous.
N.B. there are a few minor tweaks required to get the plugin to run at all, I'll collate those once I have everything working!
Any advice about which direction I should take to get things working?
Solution: Patch the X509 files in the following way:
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Plugins/X509UserPlugin.pm foswikibackup/lib/Foswiki/Plugins/X509UserPlugin.pm
--- /var/lib/foswiki/lib/Foswiki/Plugins/X509UserPlugin.pm 2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Plugins/X509UserPlugin.pm 2010-07-21 12:12:20.000000000 +0000
@@ -214,7 +214,7 @@
my $regtopic = $Foswiki::cfg{Plugins}{X509UserPlugin}{RegistrationTopic} || 'UserRegistration';
my $regweb = $Foswiki::cfg{UsersWebName};
unless( Foswiki::Func::topicExists($regweb, $regtopic ) ){
- $regweb = ::cfg{SystemWebName};
+ $regweb = $Foswiki::cfg{SystemWebName};
}
unless( $debug || ( $theTopic eq $regtopic && $theWeb eq $regweb )
diff -wBbuir /var/lib/foswiki/lib/Foswiki/Users/X509UserMapping.pm foswikibackup/lib/Foswiki/Users/X509UserMapping.pm
--- /var/lib/foswiki/lib/Foswiki/Users/X509UserMapping.pm 2010-09-11 20:55:32.000000000 +0000
+++ foswikibackup/lib/Foswiki/Users/X509UserMapping.pm 2010-07-21 12:10:37.000000000 +0000
@@ -86,7 +86,7 @@
# But some of the Foswiki infrastructure checks for this before calling us.
if (!$Foswiki::cfg{Register}{AllowLoginName}) {
- $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
+# $session->writeWarning( 'X509UserMapping has TURNED ON AllowLoginName, because it seems to be required for certificates.' );
$Foswiki::cfg{Register}{AllowLoginName} = 1;
}
That's just a fudge to avoid a couple of problems that stopped those bits from working.
Then in addition to changing the Login Manager etc. as per the plugin's documentation, you need to change your /etc/foswiki/LocalSite.cfg so that the names generated by the X509 plugin are accepted as login names:
$Foswiki::cfg{LoginNameFilterIn} = '^[^\\*?~^\\$%`"\'&;|<>\\x00-\\x1f]+$';
Now it should work. Anybody can confirm or deny?