Adaptation of Authentic 2.x for authentication and registration with the Belgian eID card
Serghei Mihai a7a828bb46 retreive use first and last names from ssl certificated during registration 2015-05-20 18:54:05 +02:00
src/authentic2_beid retreive use first and last names from ssl certificated during registration 2015-05-20 18:54:05 +02:00
MANIFEST.in initial commit 2015-05-17 15:49:43 +02:00
README nginx configure example 2015-05-20 18:38:38 +02:00
setup.py initial commit 2015-05-17 15:49:43 +02:00

README

== Configure Nginx to perform SSL client authentication ==

Configure the URLs that require SSL client-certificate authentication:

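# TLS listener dedicated to Belgian eID client-certificate authentication.
# Only the /accounts/beid/(signin|add) URLs are proxied to the backend, with
# the client certificate details passed as Ssl-Client-* request headers.
# Everything else is redirected to the main HTTPS site.
server {
        # `listen ... ssl` replaces the standalone `ssl on;` directive, which
        # is deprecated and rejected by recent nginx releases.
        listen 8443 ssl;

        server_name example.com;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only.
        ssl_protocols TLSv1.2;
        # The cipher string in the original listing was cut off after "kEDH"
        # (no closing quote or semicolon), so it could not be loaded as written.
        # Only the suites that were fully visible are kept here.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256';
        ssl_prefer_server_ciphers on;

        ssl_certificate         /etc/ssl/certs/example.com.pem;
        ssl_certificate_key     /etc/ssl/private/example.com.key;

        # Verify the client certificate chain in nginx. With `optional_no_ca`
        # nginx accepts a certificate signed by anyone (self-signed included),
        # so the Ssl-Client-* headers below would carry unverified identity
        # data. Use `optional_no_ca` only if the backend itself validates the
        # chain from the Ssl-Client-Cert header.
        # PLACEHOLDER path: a PEM bundle holding the Belgian eID root and
        # Citizen CA certificates that you trust.
        ssl_client_certificate  /etc/ssl/certs/PLACEHOLDER-beid-ca-bundle.pem;
        ssl_verify_client optional;
        # Root -> Citizen CA -> citizen certificate; raise if your chain is longer.
        ssl_verify_depth 2;

        location / {
                return 301 https://$host/;
        }

        location ~ ^/accounts/beid/(signin|add) {
                proxy_pass         http://localhost:8000;
                proxy_read_timeout 600;
                proxy_set_header Host              $host;
                proxy_set_header X-Real-IP         $remote_addr;
                # Overwrites (rather than appends to) any client-supplied value.
                proxy_set_header X-Forwarded-For   $remote_addr;
                # NOTE(review): the next three headers disagree with each other
                # (SSL "off", Protocol "ssl", Proto "http") although this
                # listener terminates TLS. Left as in the original; confirm
                # which one the backend relies on before changing them.
                proxy_set_header X-Forwarded-SSL off;
                proxy_set_header X-Forwarded-Protocol ssl;
                proxy_set_header X-Forwarded-Proto http;
                # Certificate details for the backend. Any other server block
                # that proxies to the same backend must clear these headers
                # (e.g. `proxy_set_header Ssl-Client-S-Dn "";`), otherwise a
                # client can supply them itself and they would be trusted.
                proxy_set_header Ssl-Client-I-Dn $ssl_client_i_dn;
                proxy_set_header Ssl-Client-S-Dn $ssl_client_s_dn;
                proxy_set_header Ssl-Client-Serial $ssl_client_serial;
                # NOTE(review): $ssl_client_cert is deprecated in newer nginx in
                # favour of $ssl_client_escaped_cert; switching changes the
                # header encoding, so check what the backend parses first.
                proxy_set_header Ssl-Client-Cert $ssl_client_cert;
                # Verification result (SUCCESS, NONE when no certificate was
                # presented, or FAILED:reason) so the backend can refuse to
                # authenticate unless it is SUCCESS.
                proxy_set_header Ssl-Client-Verify $ssl_client_verify;
        }

}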