====== Using CN (or other portion) from Client Cert ======

** Background **

All access to edit our wiki is controlled using client certificates (over SSL). 

This means REMOTE_USER is set to the entire certificate subject, which can be very very long as those using certificates for authentication probably know. 

The long subject as username makes it difficult to determine the actual user when looking at revision history or page footers, and clutters the overall experience. 

** Patch **

The following patch makes it easy to pick out a portion of the certificate subject to use as the "username" when displayed by wiki. In this case we are using the CN portion, but an email address might be another option. 

This is a non-destructive change, the entire subject is still stored with edits, but only the portion you select is displayed on the page. This portion may be changed at any time. 

dokuwiki_format_user.diff
<file>
Index: inc/html.php
===================================================================
--- inc/html.php        (revision 15)
+++ inc/html.php        (revision 17)
@@ -370,7 +370,7 @@
   print '<div class="meta">';
   if($_SERVER['REMOTE_USER']){
     print '<div class="user">';
-    print $lang['loggedinas'].': '.$_SERVER['REMOTE_USER'];
+    print $lang['loggedinas'].': '.format_user($_SERVER['REMOTE_USER']);
     print '</div>';
   }
   print ' &nbsp; ';
@@ -382,13 +382,13 @@
     print $date;
     if($INFO['editor']){
       print ' '.$lang['by'].' ';
-      print $INFO['editor'];
+      print format_user($INFO['editor']);
     }
     if($INFO['locked']){
       print ' &middot; ';
       print $lang['lockedby'];
       print ': ';
-      print $INFO['locked'];
+      print format_user($INFO['locked']);
     }
   }
   print '</div>';
@@ -628,7 +628,7 @@
     print $INFO['sum'];
     print ' <span class="user">(';
     print $INFO['ip'];
-    if($INFO['user']) print ' '.$INFO['user'];
+    if($INFO['user']) print ' '.format_user($INFO['user']);
     print ')</span> ';

     print '('.$lang['current'].')';
@@ -644,7 +644,7 @@
     print $info['sum'];
     print ' <span class="user">(';
     print $info['ip'];
-    if($info['user']) print ' '.$info['user'];
+    if($info['user']) print ' '.format_user($info['user']);
     print ')</span> ';

     print '<a href="'.wl($ID,"rev=$rev,do=diff").'">';
@@ -673,7 +673,7 @@
     print ' '.htmlspecialchars($recents[$id]['sum']);
     print ' <span class="user">(';
     print $recents[$id]['ip'];
-    if($recents[$id]['user']) print ' '.$recents[$id]['user'];
+    if($recents[$id]['user']) print ' '.format_user($recents[$id]['user']);
     print ')</span>';
     print '</li>';
   }
Index: inc/format.php
===================================================================
--- inc/format.php      (revision 15)
+++ inc/format.php      (revision 17)
@@ -562,4 +562,19 @@
   return false;
 }

+/**
+ *  Extracts common name (CN) from client certificates when displaying user info.
+ *
+ * @author August Zajonc <augustz@augustz.com>
+ */
+function format_user($user) {
+
+        if (strpos($user, '/CN=')) {
+                if (preg_match("|/CN=(.+)/|U", $user, $matches))
+                        return $matches[1];
+        }
+
+               return $user;
+}
+
 ?>
</file>

augustz@augustz.com