Solved: Is there flow variable for virtual host Client Aut...

bbhatia · 03-04-2019 07:11 AM

I can only see flow variables 'virtualhost.ssl.enabled' and 'client.ssl.enabled' but there is no variable which can tell if client authorization is enabled or not on virtual host. is anyone aware of it?

dchiesa1

EDIT

The original answer I posted here was incorrect. I wrote that "client.ssl.enabled" should give you what you want, and further that this variable isn't documented clearly. I now think both of these statements are wrong.

You can check "client.cn" - if it is null then the client has not authenticated. If it is non-null then the client has authenticated.

INCORRECT:

I think "client.ssl.enabled" gives you what you want.

View solution in original post

dchiesa1

EDIT

The original answer I posted here was incorrect. I wrote that "client.ssl.enabled" should give you what you want, and further that this variable isn't documented clearly. I now think both of these statements are wrong.

You can check "client.cn" - if it is null then the client has not authenticated. If it is non-null then the client has authenticated.

INCORRECT:

I think "client.ssl.enabled" gives you what you want.

bbhatia

I tried 'client.ssl.enabled' variable and its value was true for virtual hosts tls/ssl enabled and client auth disabled. for the time being i am using virtualhost.name to distinuguish.

dchiesa1

After looking into this, I can suggest: try testing client.cn. If non-null, it means the client has authenticated with a cert.

bbhatia

yup, client.cn was empty in case client auth disabled

Is there flow variable for virtual host Client Authorization enabled or not?