Repeatable: Always

With a fresh/new Drupal 7.14 install for a new standalone website:

Steps to repeat:

  1. Download Module Certificate Login
  2. Un-compress certificatelogin-7.x-2.0-rc1.tar.gz into modules folder
  3. Visit admin/modules page in site, enable module and configure (/#overlay=admin/config/people/certificatelogin)

Expected Results:
To see options for "Automatic Login Path", and "Account Creation" as mentioned in the README.txt and features list.

Actual Results:
After enabling the module, the "Certificate Login Settings" page only has the following options available:

  • "PHP code to retrieve auth name",
  • "Current Login Override",
  • "Present login link on access denied (403)" (note: this will not save to "Enabled")
  • "Access Denied Custom Message".

The "Automatic Login Path", and "Account Creation" settings are missing from this screen and I can't find them anywhere else. So obviously right now it won't actually authenticate anyone with a certificate, only username/password.

No errors are being logged in the Apache error_log file and there is nothing else to indicate a problem with the installation or module.

(Referencing my community Post Installation post: http://drupal.org/node/1663114)

Comments

ZeiP’s picture

ZeiP CreditAttribution: ZeiP commented
Component: Miscellaneous » Documentation
Assigned: Unassigned » ZeiP
Category: support » bug

Thanks for the report!

The D7 version is quite different from the old D6 version. The account creation option has been removed for now, since Certificate login no longer requires the users to have the certificate auth name as their user name, but instead uses the authmap functionality to bind any number of certificates to user accounts.

You should see a tab on the user account page (/user) that allows you to associate a certificate with the user account. The login page is at /login. I'm hoping to do the login via the normal user login form eventually, so no dedicated form would be necessary.

I'll try to get around updating the documentation to more accurately describe the current status of the module, thanks again for reporting!

ZeiP’s picture

ZeiP CreditAttribution: ZeiP commented

BTW, the problem with ”Present login link on access denied (403)” option default option has been fixed in the new version.

crontab’s picture

crontab CreditAttribution: crontab commented

Yes, I'd seen the account page (/user) tab and successfully associate my certificate to the main admin account, but was unsure what to do next. So I guess this mean all users must create accounts for themselves and then associate their certificate to their account?

Clicking the "Login by Certificate" button on the login page generates the follow error:

  • Warning: array_flip(): Can only flip STRING and INTEGER values! in DrupalDefaultEntityController->load() (line 178 of /webroot/htdocs/includes/entity.inc)
  • A login was attempted but failed. You are currently an anonymous user.
ZeiP’s picture

ZeiP CreditAttribution: ZeiP commented

Currently yes, you have to have all users register and associate their certificates manually. If you need an account create functionality, I suppose it wouldn't be too difficult to return it to the new version also.

The error you cited sounds weird, I'll try to check if I can repeat it. What kind of code do you have for fetching the identifier from the certificate?

crontab’s picture

crontab CreditAttribution: crontab commented

Just $_SERVER["SSL_CLIENT_S_DN"]

openbrian’s picture

openbrian CreditAttribution: openbrian commented

See http://drupal.org/node/1454466#comment-5664306 I had the same problem and this fix worked for me. user_load() only takes a uid now. http://api.drupal.org/api/drupal/modules!user!user.module/function/user_..., but line 293 of the modules sends in an array.

horse-1900’s picture

horse-1900 CreditAttribution: horse-1900 commented

Hi there, I'm experience the same problem with getting the module working. when you say: "You should see a tab on the user account page (/user) that allows you to associate a certificate with the user account."
........could you be a bit more specific please???

All i see is the main configuration page and a "certificate identities" tab that contains an "add certificate button" which gives the following error:

Notice: Undefined property: stdClass::$DN in eval() (line 1 of /var/www/html/test.site/sites/all/modules/certificatelogin/certificatelogin.module(146) : eval()'d code).
A login was attempted but failed because information could not be retrieved from your certificate.

I also could not find any documentation about the "PHP code to retrieve auth name field" on the config page, apart from the single sentence in the readme? IE any examples of differnt values. i just put $GLOBALS['user']->DN which i found in another post.

Thanks in advance! : )

Cheers,
Matt

alienseer23’s picture

alienseer23 CreditAttribution: alienseer23 commented

So I realize that this is Very Old.

But I am getting the same errors, and cannot find the appropriate code to put into the configuration box. I had it working before a security breach into my server, and now I cannot find my notes to reconfigure this.

Can anyone give me an example to validate against an email address in the certificate? I am using the latest Drupal 7 code, and dev version of this module.

Any advice is truly appreciated.

  • ZeiP committed 1da1b4a on 8.x-1.x 
    Issue #1682726 by crontab: ”Present login link on access denied (403)”...
alienseer23’s picture

alienseer23 CreditAttribution: alienseer23 commented

Waking this again just to note that the code that worked in the box was
$_SERVER["SSL_CLIENT_S_DN_Email"]