PHP Symfony X.509 Authentication
I am currently trying to use X.509 certificates as an authentication method for Symfony. I mean, there should be an existing implementation in Symfony for "Authenticating Users with X.509 Client Certificates":
When using client certificates, your web server does all the
authentication itself. The X.509 authenticator provided by Symfony
extracts the email from the "distinguished name" (DN) of the client
certificate. Then, it uses this email as user identifier in the user
provider.
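But I can't get it to work. All the blog posts and documentation I have read are kind of useless, because the implementation is missing. I don't know what exactly to do; for example, all the custom_authenticators or providers I tried to implement did not work. Are there any good, working examples?
Solved: the problem was in the nginx configuration, which did not include the required fastcgi parameter.
Third-party edit
The Symfony documentation contains example configuration.
Apache configuration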
# ...
SSLCACertificateFile "/path/to/my-custom-CA.pem"
SSLVerifyClient optional
SSLVerifyDepth 1
# pass the DN to the application
SSLOptions +StdEnvVars
Nginx configuration
server {
    # ...
    ssl_client_certificate /path/to/my-custom-CA.pem;
    # enable client certificate verification
    ssl_verify_client optional;
    ssl_verify_depth 1;
    location / {
        # pass the DN as "SSL_CLIENT_S_DN" to the application
        fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
        # ...
    }
}
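A small diagnostic for the failure described in the question, added here as an example (it is not part of the original post and not Symfony's own code): it checks whether the web server actually handed the certificate DN to PHP and extracts the e-mail from it. The function name and the sample values are made up for illustration, and the regular expression is an assumption about the DN formats, not Symfony's implementation.

```php
<?php
declare(strict_types=1);

/**
 * Added diagnostic, not Symfony's code. Returns the e-mail found in the
 * server parameters passed by the web server, or null if none is usable.
 *
 * @param array<string, mixed> $server e.g. $_SERVER or $request->server->all()
 */
function x509EmailFromServer(array $server): ?string
{
    // Apache's "SSLOptions +StdEnvVars" also exports the e-mail on its own.
    $email = $server['SSL_CLIENT_S_DN_Email'] ?? null;
    if (is_string($email) && $email !== '') {
        return $email;
    }

    // Nginx passes only what fastcgi_param lists. Without the
    // "fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;" line from the Nginx
    // configuration above, this key is absent. With "ssl_verify_client
    // optional", a request without a certificate also reaches PHP, with no DN.
    $dn = $server['SSL_CLIENT_S_DN'] ?? null;
    if (!is_string($dn) || $dn === '') {
        return null;
    }

    // Accept both "emailAddress=a@b,CN=x" and "/CN=x/emailAddress=a@b".
    $pattern = '#(?:^|[,/])\s*emailAddress=([^,/@\s]+@[^,/\s]+)#i';
    if (preg_match($pattern, $dn, $m) === 1) {
        return $m[1];
    }
    return null;
}

// Constructed sample inputs (not captured from a real server).
$samples = [
    'nginx, fastcgi_param missing' => ['HTTPS' => 'on'],
    'nginx, DN passed'             => ['SSL_CLIENT_S_DN' => 'emailAddress=alice@example.com,CN=Alice,O=Example'],
    'slash-separated DN'           => ['SSL_CLIENT_S_DN' => '/O=Example/CN=Bob/emailAddress=bob@example.com'],
    'certificate without e-mail'   => ['SSL_CLIENT_S_DN' => 'CN=Carol,O=Example'],
];

foreach ($samples as $label => $server) {
    $email = x509EmailFromServer($server);
    printf("%-30s => %s\n", $label, $email ?? '(no identifier available)');
}
```

Calling the function on the real `$_SERVER` from a throwaway route shows whether the web server configuration, rather than the Symfony firewall, is what withholds the identifier.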