I’m trying to setup a Phabricator instance that authenticate the user using an SSL certificate.
My approach consist in letting the authentication process itself being handled by the HTTP server, Apache’s mod_ssl in my case. And then letting Phabricator now about it.
I’ve written a PoC with an (AuthProvider, AuthAdapter) pair of extensions that extract data from the certificate and use them. It seems to work so far.
But then, I faced a problem with the
arc command. This command don’t seems to support SSL client authentication. Looking at the code, it seems to use the
HTTPSFuture class which use the
curl extension. So I made this class use the
CURLOPT_SSLKEY options. It seems to work so far.
I would like this authentication method reach upstream. Do you think it’s possible?