Merge "Delete the external auth admin guide"
This commit is contained in:
commit
91fc9c6c64
|
@ -1,41 +0,0 @@
|
|||
=====================================
|
||||
External authentication with Identity
|
||||
=====================================
|
||||
|
||||
When Identity runs in ``apache-httpd``, you can use external
|
||||
authentication methods that differ from the authentication provided by
|
||||
the identity store back end. For example, you can use an SQL identity
|
||||
back end together with X.509 authentication and Kerberos, instead of
|
||||
using the user name and password combination.
|
||||
|
||||
Use HTTPD authentication
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Web servers, like Apache HTTP, support many methods of authentication.
|
||||
Identity can allow the web server to perform the authentication. The web
|
||||
server then passes the authenticated user to Identity by using the
|
||||
``REMOTE_USER`` environment variable. This user must already exist in
|
||||
the Identity back end to get a token from the controller. To use this
|
||||
method, Identity should run on ``apache-httpd``.
|
||||
|
||||
Use X.509
|
||||
~~~~~~~~~
|
||||
|
||||
The following Apache configuration snippet authenticates the user based
|
||||
on a valid X.509 certificate from a known CA:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
<VirtualHost _default_:5000>
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/ssl/certs/ssl.cert
|
||||
SSLCertificateKeyFile /etc/ssl/private/ssl.key
|
||||
|
||||
SSLCACertificatePath /etc/ssl/allowed_cas
|
||||
SSLCARevocationPath /etc/ssl/allowed_cas
|
||||
SSLUserName SSL_CLIENT_S_DN_CN
|
||||
SSLVerifyClient require
|
||||
SSLVerifyDepth 10
|
||||
|
||||
(...)
|
||||
</VirtualHost>
|
|
@ -22,7 +22,6 @@ command-line client.
|
|||
identity-domain-specific-config.rst
|
||||
identity-url-safe-naming.rst
|
||||
identity-case-insensitive.rst
|
||||
identity-external-authentication.rst
|
||||
identity-integrate-with-ldap.rst
|
||||
identity-upgrading.rst
|
||||
identity-tokens.rst
|
||||
|
|
Loading…
Reference in New Issue