SSL Certificate Authentication

Hi,

I’m trying to setup a Phabricator instance that authenticate the user using an SSL certificate.

My approach consist in letting the authentication process itself being handled by the HTTP server, Apache’s mod_ssl in my case. And then letting Phabricator now about it.

I’ve written a PoC with an (AuthProvider, AuthAdapter) pair of extensions that extract data from the certificate and use them. It seems to work so far.

But then, I faced a problem with the arc command. This command don’t seems to support SSL client authentication. Looking at the code, it seems to use the HTTPSFuture class which use the curl extension. So I made this class use the CURLOPT_SSLCERT and CURLOPT_SSLKEY options. It seems to work so far.

I would like this authentication method reach upstream. Do you think it’s possible?

Regards,

Sheda

Hi,

Of course I’ll provide the patches and extensions :slight_smile:

Regards,

Sheda