5

I can make browser to force authentication with smart card eg ID-card when php file is protected with SSLVerifyClient in apache conf.

Now i need to display index.php usually without requiring smart card authentication and sometimes this same page must get user authenticated.

doStuff();
if ($needed==1)
  authenticateUser();
doMoreStuff();

What must authenticateUser() contain so that calling it causes browser to ask smart card pin code?

Bill the Lizard
  • 398,270
  • 210
  • 566
  • 880
Margus Pala
  • 8,433
  • 8
  • 42
  • 52

1 Answers1

4

You're mixing the things a tiny bit.
authenticateUser(); runs on the server, while the authentication occurres on the client. You can't stop in the middle of running a PHP script for a client authentication and then continue running the PHP script.

As a solution to your question, this might work in your case:

if(authenticationNeeded)
{
   // redirect to a page that requires authentication that does what index was supposed to do.
   redirect('index_ssl.php');
}

By using .htaccess you can define SSLVerifyClient require only for some of the directories/files.
The key point is: your web server(Apache in this case) requires a client certificate in order to grant access to any directories/files for which you specify SSLVerifyClient require.

In conclusion, there is no way to do what you want. You can only have files/directories that either require or don't require a client certificate. Tthere is no way to stop in the middle of a PHP file in order to require a client certificate, but you could redirect to one that requires one.

Marius Burz
  • 4,555
  • 2
  • 18
  • 28
  • ok. after the web server does the authentication, in PHP is it possible to verify and/or read any data from the client certificate / authentication ? – Massimo May 03 '17 at 16:39