safing / tlsauth

Traefik plugin to authenticate users based on the Common Name, DNS Names and Email Addresses of their TLS client certificate. Optionally add the username as a request header for the upstream service.
MIT License

Client cert was not validated #1

Closed duj4 closed 4 months ago

duj4 commented 4 months ago

Dear author,

I am trying to use this plugin in my Traefik for authenticating client cert and here is my configuration:

static.yml:

experimental:
  localPlugins:
    tlsauth:
      moduleName: tlsauth

Plugin loaded successfully: image

dynamic.yml:

http:
  middlewares:
    tlsauth:
      plugin:
        tlsauth:
          # usernameHeader: "User"
          users:
            a: b

The CN and SAN in my lab are for "centos8-1", but I set the key/value pair in users as "a:b", so it should block the access? As the expected CN/SAN should be a. However, when I tried to curl the site, it is still valid:

[dujas@centos8-1 tls]$ curl https://centos8-1:8443 --cacert ca.crt --cert centos8-1.crt --key centos8-1.key
<a href="/dashboard/">Found</a>.

Did I miss something?

Thanks.

duj4 commented 4 months ago

Well, my bad, I found the way out