@topperge
Created March 24, 2012 20:01
Warden Strategy for SSL_CLIENT_S_DN Authentication with Devise
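# Assumes mod_headers is enabled; if not, run 'a2enmod headers'
# 'set' replaces any header of the same name sent by the client, so the
# application only sees the values mod_ssl produced for this connection.
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"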
#{RAILS_HOME}/config/initializers/devise.rb
# Put this at the end of the file
config.warden do |manager|
  # You may not want this line, depending on your app
  manager.intercept_401 = false
  # Try the DN strategy before the other strategies for the :user scope
  manager.default_strategies(:scope => :user).unshift :dn_override
end
#{RAILS_HOME}/config/initializers/dn_override.rb
# Assumes both SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN are being sent by the web server.
# See the virtual host config lines for what you need there.
# Don't forget DNs come in backwards from the web server, so depending on
# how you're storing DNs in the database or LDAP you'll need to gsub('/',',')
# and reverse the SSL_CLIENT_S_DN
require 'devise/strategies/authenticatable'

module Devise
  module Strategies
    class DnOverride < Authenticatable
      # Always run this strategy; authenticate! decides from the headers.
      def valid?
        true
      end

      def authenticate!
        if request.headers["SSL_CLIENT_VERIFY"] == 'SUCCESS' && !request.headers["SSL_CLIENT_S_DN"].blank?
          # Use downcase, not downcase!: the bang form returns nil when the
          # string is already lowercase.
          dn = request.headers["SSL_CLIENT_S_DN"].downcase
          # If you need the DN reversed (there's probably a more efficient way)
          # dn.slice!(0)
          # dn_array = dn.split("/")
          # dn_array = dn_array.reverse
          # dn = dn_array.map { |i| i.to_s }.join(",")

          # Look up by the DN value (the local variable), not the symbol :dn.
          user = User.find_by_dn(dn)
          if user
            success!(user)
          else
            fail
          end
        else
          fail
        end
      end
    end
  end
end

Warden::Strategies.add(:dn_override, Devise::Strategies::DnOverride)
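
Added example, not part of the original gist: a DN normalizer for the reversal step described in the comments of dn_override.rb. It goes beyond the commented-out snippet by also accepting the comma-separated RFC 2253 form that Apache 2.4 emits by default (the slash form requires SSLOptions +LegacyDNStringFormat there), by keeping slashes inside values intact, and by returning nil for unparseable input. The module name DnNormalizer and the sample DNs are assumptions made for illustration.

```ruby
# Added example (not from the gist). DnNormalizer is a hypothetical helper name.
module DnNormalizer
  # Characters that must be backslash-escaped inside an RFC 4514 value.
  SPECIALS = /[,+"\\<>;]/
  # A "/" starts a new RDN only when an attribute type and "=" follow it,
  # so a slash inside a value (OU=Ops/Sec) does not split the value.
  RDN_BOUNDARY = %r{/(?=[A-Za-z0-9][A-Za-z0-9.-]*=)}

  # Returns a lowercased, comma-separated DN with the most specific RDN
  # first, or nil when the input has no attribute=value pair, so the
  # caller fails closed instead of looking up a garbage key.
  def self.normalize(raw)
    dn = raw.to_s.strip
    return nil unless dn.include?("=")
    # Already comma-separated: only fold case.
    return dn.downcase unless dn.start_with?("/")

    rdns = dn[1..-1].split(RDN_BOUNDARY).map do |part|
      type, value = part.split("=", 2)
      return nil if type.to_s.empty? || value.to_s.empty?
      escaped = value.gsub(SPECIALS) { |c| "\\" + c }
      "#{type}=#{escaped}"
    end
    rdns.reverse.join(",").downcase
  end
end

# Constructed sample values, not real certificate subjects.
legacy = "/C=US/O=Example Corp/OU=Ops/Sec/CN=Doe, Jane"
puts DnNormalizer.normalize(legacy)
puts DnNormalizer.normalize("CN=Jane Doe,O=Example Corp,C=US")
p DnNormalizer.normalize("(null)")
```

A value that itself contains "/type=" remains ambiguous in the slash form; the comma-separated form avoids that.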