
Username unknown in case of certificates authentication

Open eusebiu-constantin-petu-dbk opened this issue 2 years ago • 1 comments

Describe the bug

In the case of certificate auth we don't know the username of the client who authenticates with certificates, so we cannot correctly use authorization in this case. Maybe we should somehow obtain the username from the certs?

Additional context

We discovered this while investigating how to use anonymous access per repo, and for certs auth we don't know the username, so we don't know which policy the user falls under: anonymousAccess or defaultPolicy.

Let's say we have this config and someone authenticates with certs. With the current logic, the anonymousAccess policy will be used (because we don't know the username, we don't know if he's authenticated), although defaultPolicy should be used, because he is authenticated.

      "tmp/**": {
        "anonymousAccess": ["read","create"],
        "defaultPolicy": [
          "read",
          "create",
          "update",
          "delete"
        ]
      },

Would use the SubjectName for this.

rchincha, Jul 15 '22 18:07
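The policy selection discussed in this thread, as an added Go example that is not zot's own code: it takes the username from the subject of the verified client certificate and applies defaultPolicy only when such an identity exists. The `RepoPolicy` type, the function names, the use of the subject CommonName as the username, and the "alice" certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// RepoPolicy holds the two fields from the issue's "tmp/**" snippet (hypothetical type).
type RepoPolicy struct {
	AnonymousAccess []string
	DefaultPolicy   []string
}

// IdentityFromTLS returns the subject CommonName of the verified client leaf.
// Only VerifiedChains is trusted: PeerCertificates can hold an unverified
// certificate when the server requests client certs without verifying them.
func IdentityFromTLS(cs *tls.ConnectionState) (string, bool) {
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return "", false
	}
	cn := cs.VerifiedChains[0][0].Subject.CommonName
	return cn, cn != "" // an empty CN gives no usable username
}

// Authorize returns the username (empty for anonymous) and the actions that apply.
func Authorize(p RepoPolicy, cs *tls.ConnectionState) (string, []string) {
	if user, ok := IdentityFromTLS(cs); ok {
		return user, p.DefaultPolicy
	}
	return "", p.AnonymousAccess
}

// SamplePolicy is the "tmp/**" policy quoted in the issue.
func SamplePolicy() RepoPolicy {
	return RepoPolicy{
		AnonymousAccess: []string{"read", "create"},
		DefaultPolicy:   []string{"read", "create", "update", "delete"},
	}
}

func main() {
	// Constructed sample input: a leaf with CN "alice", treated as already verified.
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: "alice"}}
	cs := &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{leaf}}}
	user, actions := Authorize(SamplePolicy(), cs)
	fmt.Printf("%q %v\n", user, actions)
	user, actions = Authorize(SamplePolicy(), &tls.ConnectionState{})
	fmt.Printf("%q %v\n", user, actions)
}
```

In a real handler the `tls.ConnectionState` would come from `http.Request.TLS`, and `VerifiedChains` is only populated when the server's `ClientAuth` mode verifies client certificates.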