authentication - How to get NGINX / Django to detect when CAC / smartcard is removed?
I have a Django application that sits behind nginx, for which authenticating the user through a CAC (smartcard) is needed. The CAC ID is read by nginx and passed to Django, which dynamically creates a user for that ID and logs that user in. That part works fine.
However, if the user removes their CAC from the card reader, the application keeps running, so the user can continue to load pages of that domain.
Can I force nginx to verify the CAC certificate on each page load, so that after the CAC is removed, Django could force the user to log out and re-authenticate?
Nginx config:
    server {
        listen 443 ssl;
        server_name my-server;
        ssl_certificate ssl/server.crt;
        ssl_certificate_key ssl/server.key;   # key file name was garbled in the post; ".key" is assumed
        ssl_verify_client on;
        ssl_verify_depth 2;
        ssl_client_certificate /etc/ssl/certs/dod-root-certs.pem;

        location /static/ {
            alias /etc/nginx/static/;
            expires 30d;
        }

        location / {
            proxy_pass http://localhost:8000/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Protocol ssl;
            proxy_set_header X-SSL-User-DN $ssl_client_s_dn;
            proxy_set_header X-SSL-Authenticated $ssl_client_verify;
            proxy_connect_timeout 60;
            proxy_read_timeout 60;
        }
    }

It is not possible on the server side and is beyond nginx's control.
The nature of SSL is that it can authenticate and authorize, but it uses a session to remember that decision.
Think of the site as a building. Once you are authenticated using some kind of keycard, you go in and you can walk around freely; in some areas you may need additional authorization, and the credentials you provided at the entrance will be used for this.
What you are asking is that when you pull out your keycard, you are instantly picked up and removed from the building. You see the issue: the normal procedure is to walk out of the building, which means a client-side action is your best bet, so that a logout request is sent from the client when the keycard is removed. That is a subject in its own right.
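A server-side check that complements the answer above, added here as an example and not code from the question or the answer: a Django middleware that re-validates the X-SSL-Authenticated and X-SSL-User-DN headers from the question's nginx config on every request and ends the session when the subject DN no longer matches the one bound at login. It only catches requests that reach Django without a verified certificate (a fresh TLS connection after the card is pulled, or a direct hit on port 8000); a request riding an already-established or resumed TLS session still carries the original verification result, which is exactly the answer's point. The session key, function and class names, and the sample DN are assumptions.

```python
"""Per-request CAC re-check for Django behind nginx (constructed example)."""
from dataclasses import dataclass

SESSION_DN_KEY = "cac_subject_dn"  # assumed session key for the DN bound at login


@dataclass
class CacCheck:
    ok: bool
    reason: str


def check_cac_headers(meta: dict, session: dict) -> CacCheck:
    """Decide whether this request still carries the CAC identity bound to the session.

    meta:    request.META; nginx's X-SSL-* headers arrive as HTTP_X_SSL_* keys.
    session: request.session (any mutable mapping); the DN is stored on first use.
    """
    verify = meta.get("HTTP_X_SSL_AUTHENTICATED", "")
    dn = meta.get("HTTP_X_SSL_USER_DN", "")
    # $ssl_client_verify is "SUCCESS" only for a cert nginx validated against the CA bundle.
    # Anything else means the request bypassed nginx (e.g. hit :8000 directly) or
    # nginx is misconfigured, so the session must not be trusted.
    if verify != "SUCCESS" or not dn:
        return CacCheck(False, "no verified client certificate on this request")
    bound = session.get(SESSION_DN_KEY)
    if bound is None:
        session[SESSION_DN_KEY] = dn  # first authenticated request: bind DN to session
        return CacCheck(True, "bound")
    if bound != dn:
        # A different card in the reader must not inherit the earlier login.
        return CacCheck(False, "certificate subject changed since login")
    return CacCheck(True, "matches")


class RequireCacMiddleware:
    """Add to MIDDLEWARE after SessionMiddleware and AuthenticationMiddleware."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Imported lazily so check_cac_headers() itself has no Django dependency.
        from django.contrib.auth import logout
        from django.http import HttpResponseForbidden

        result = check_cac_headers(request.META, request.session)
        if not result.ok:
            logout(request)  # flushes the session; next request must re-authenticate
            return HttpResponseForbidden(result.reason)
        return self.get_response(request)
```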