ingria/laravel-x509-auth

Release v1.0.0

Laravel 5 Client Certificate auth middleware

Repository Packagist PHP

Keywords
auth, x509, laravel, certificate, authentication, client-certificate, middleware
License
MIT

Documentation

Client certificate authentication middleware for Laravel 5

Also known as X.509 client authentication.

How does it work

  1. You have a user in your app. For example, Admin:admin@yourapp.tld
  2. You generate a certificate for that user. Make sure you're using admin@yourapp.tld for certificate's emailAddress field.
  3. This package allows Admin to use your app without ever logging in.
  4. All users including Admin can still use plain password auth.

Pro tip: you can also use any other certificate attributes for authentication, not only emailAddress (like id or username). I don't think you need this package in that case, but anyway 🤷.

Prerequisites

Please don't blindly copy-paste the commands. It's important for you to know what you're doing.

1. Generate CA and Client certificate

Generating Certificate Authority:

openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Generating client certificate and signing it with your CA. When asked for the email, enter email of your app's user which will be autheticated with this certificate.

openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Optionally, generate a PKCS certificate to be installed into the browser, mobile or whatever:

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

2. Configure your web-server

This example is for NGINX with FastCGI.

server {
    ...
    ssl_client_certificate /etc/nginx/certs/Your_CA_Public_Key.crt;
    ssl_verify_client optional;

    location ~ \.php$ {
        ...
        fastcgi_param SSL_CLIENT_VERIFY    $ssl_client_verify;
        fastcgi_param SSL_CLIENT_S_DN      $ssl_client_s_dn;
    }
}

You can also add pass some other useful params, see resources below.

Resources

Installation

1. Install the package

This assumes that you have composer installed globally:

composer require ingria/laravel-x509-auth

2. Register middleware

Add \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class to your routeMiddleware array in app/Http/Kernel.php.

For example, you can call it auth.x509, by analogy with Laravel's auth.basic name:

// app/Http/Kernel.php

...
protected $routeMiddleware = [
    // a whole bunch of middlewares...
    'auth.x509' => \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class,
];

Resources

Usage

Just add the middleware's name to any route or controller instead of default auth. For example:

// routes/web.php

Route::get('/', 'YourController@method')->middleware('auth.x509');

Resources

License

The MIT License (MIT). Please see License File for more information.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
9
Forks
3
Watchers
1
Contributors
1
Repository size
4.88 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

v1.1.0
v1.0.0

Contributors

Birger Jarl


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2020-11-24 08:08:04 UTC

Login to resync this project