Support for mapping user from TLS client certificate #865

Merged
merged 1 commit into from
Dec 20, 2018

derekcollison

This allows a client certificate to identify a user in the NATS system. This is currently a boolean extension to verify, verify_and_map: true

Generally this should be an email and be part of the extended syntax for Subject in the certificate, or what is preferred as SubjectAltName designation. Hence using a simple boolean. If need be we can make it a bool or string in the future if we need to customize how the user is pulled from the cert.

Subject CN
Subject: C=US, ST=CA, L=LA, O=Synadia, OU=NATS.io, CN=localhost/emailAddress=derek@nats.io

SubjectAltName

X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:localhost, IP Address:127.0.0.1, email:derek@nats.io
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication

Go will treat these as per the spec with SubjectAltName being preferred.

Signed-off-by: Derek Collison derek@nats.io

/cc @nats-io/core

Signed-off-by: Derek Collison <derek@nats.io>
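
An added example (not code from this pull request or from the NATS server) of the lookup order the description gives: SubjectAltName email entries are taken before the emailAddress attribute of the Subject. The function names, the sample addresses and the choice to return every candidate in order are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidEmail = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1} // PKCS#9 emailAddress

// identities lists candidate user names in preference order: SubjectAltName
// email entries first, then any emailAddress attribute in the Subject.
func identities(cert *x509.Certificate) []string {
	ids := append([]string{}, cert.EmailAddresses...)
	for _, atv := range cert.Subject.Names {
		if s, ok := atv.Value.(string); ok && atv.Type.Equal(oidEmail) {
			ids = append(ids, s)
		}
	}
	return ids
}

// sampleCert builds and re-parses a constructed, self-signed certificate.
func sampleCert(subjectEmail string, sanEmails ...string) *x509.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), EmailAddresses: sanEmails,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		Subject: pkix.Name{ExtraNames: []pkix.AttributeTypeAndValue{{Type: oidEmail, Value: subjectEmail}}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	fmt.Println(identities(sampleCert("subject@example.com", "san@example.com")))
}
```

On a live connection the certificate to pass in is the leaf of `tls.ConnectionState.VerifiedChains`, so that only a certificate that passed `verify` is mapped to a user.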

coveralls commented Dec 20, 2018

Coverage decreased (-0.2%) to 91.544% when pulling 7978d8e on tls_user into 91fa422 on master.


@kozlovic kozlovic left a comment

LGTM

@derekcollison derekcollison merged commit f10020e into master Dec 20, 2018
@derekcollison derekcollison deleted the tls_user branch December 20, 2018 16:40
@wallyqs wallyqs mentioned this pull request Feb 7, 2019