Use Client Certificate for Authentication to Ownclound

ssl
help

#1

I am using Owncloud 9.1.1 with recommended Nginx configuration and php5-fpm on Debian 8 (latest patch level). I would like to set up user authentication with client certificates, provided by an external PKI. Nginx is configured to force client certificate and provides certificate data to php-fpm, phpinfo() displays certificate data if following config is added to nginx.conf:

        fastcgi_param SSL_CIPHER            $ssl_cipher;
        fastcgi_param SSL_PROTOCOL          $ssl_protocol;
        fastcgi_param SSL_CLIENT_VERIFY     $ssl_client_verify;
        fastcgi_param SSL_CLIENT_CERT       $ssl_client_cert;
        fastcgi_param SSL_CLIENT_FPRINT     $ssl_client_fingerprint;
        fastcgi_param SSL_CLIENT_SERIAL     $ssl_client_serial;
        fastcgi_param SSL_CLIENT_S_DN       $ssl_client_s_dn;
        fastcgi_param SSL_CLIENT_I_DN       $ssl_client_i_dn;

Are there any options for config.php to read user name from certificates DN (e.g. use CN) and ignore password?

If not, is there a plugin skeleton which can be used for authentication provider?


#2

Hi,

there is currently no support for client certificates in ownCloud:


#3

Hello,
will support client certificates for ownCloud mobile app? (IOS / Android). Do you know the date of implementation?
Thanks


#4

Another great security feature the release includes is support for SSL client certificates that provide an additional layer of security by empowering admins to distribute certificates to users and restrict access thereby (in addition to usual passwords).

from https://owncloud.org/blog/new-desktop-client-2-3-0-release-out-now/