We authenticate all users to our webserver via Common Access Cards (CAC). I also have LDAP set up within phpIPAM on this same server and it works fine. Now I am just wondering if you could add the ability to authenticate LDAP users via their CAC (which are tied to AD).
Anonymous
Basically, I am thinking this would need to do 3 things:
Might not be the best way to do it, but this is what I am using to get the ID from the CAC to match against the userPrincipalName field in Active Directory.
$cert_data = ($_SERVER['SSL_CLIENT_S_DN_CN']); // Gets the info from the CAC
$upn = strrchr($cert_data, "."); // Strips away what we don't need based on the last period
$upn = ltrim ($upn, "."); // Removes the period, leaving only the UPN
--
What is in the $upn variable is what an LDAP query would match against a user ID (cn) in AD.
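
Added example, not part of the original post and not phpIPAM code: one way to harden the extraction above before the value reaches an LDAP query, by checking that the web server verified the certificate, validating the extracted ID, and escaping it for the filter. It assumes Apache mod_ssl populates `SSL_CLIENT_VERIFY` and that the identifier after the last period is purely numeric; the function names and sample CN values are hypothetical.

```php
<?php
// Added example, not phpIPAM code; function names are hypothetical.

// Return the ID after the last period of the CN, or null if unusable.
function cac_id_from_server(array $server): ?string
{
    // mod_ssl sets SSL_CLIENT_VERIFY to SUCCESS only for a verified certificate.
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') {
        return null;
    }
    $cn  = $server['SSL_CLIENT_S_DN_CN'] ?? '';
    $pos = strrpos($cn, '.');
    if ($pos === false) {
        return null; // no period in the CN
    }
    $id = substr($cn, $pos + 1);
    // Assumption: the identifier is purely numeric; adjust to your card format.
    return ctype_digit($id) ? $id : null;
}

// Escape a value for use inside an LDAP search filter (RFC 4515).
function ldap_filter_escape(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

// Build an exact-match filter on the chosen attribute.
function cac_ldap_filter(string $id, string $attr = 'userPrincipalName'): string
{
    return sprintf('(%s=%s)', $attr, ldap_filter_escape($id));
}

// Constructed sample inputs, not real certificate data.
$samples = [
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN_CN' => 'DOE.JOHN.A.1234567890'],
    ['SSL_CLIENT_VERIFY' => 'NONE',    'SSL_CLIENT_S_DN_CN' => 'DOE.JOHN.A.1234567890'],
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN_CN' => 'DOE.JOHN.A.12345*'],
];
foreach ($samples as $s) {
    $id = cac_id_from_server($s);
    echo $id === null ? "rejected\n" : cac_ldap_filter($id) . "\n";
}
```

The second and third samples are rejected before any LDAP query is built: one because the certificate was not verified, the other because the extracted value contains a filter wildcard.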