I am using Owncloud 9.1.1 with recommended Nginx configuration and php5-fpm on Debian 8 (latest patch level). I would like to set up user authentication with client certificates, provided by an external PKI. Nginx is configured to force client certificate and provides certificate data to php-fpm, phpinfo() displays certificate data if following config is added to nginx.conf:
fastcgi_param SSL_CIPHER $ssl_cipher; fastcgi_param SSL_PROTOCOL $ssl_protocol; fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify; fastcgi_param SSL_CLIENT_CERT $ssl_client_cert; fastcgi_param SSL_CLIENT_FPRINT $ssl_client_fingerprint; fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial; fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
Are there any options for config.php to read user name from certificates DN (e.g. use CN) and ignore password?
If not, is there a plugin skeleton which can be used for authentication provider?