mod_auth_openidc documentation
You can read the documentation of mod_auth_openidc at https://github.com/zmartzone/mod_auth_openidc/wiki
Steps

Step | Action
---|---
Step 1 | Install mod_auth_openidc using the package manager of your Linux distribution.
Step 2 | Make sure that the module is enabled in your Apache configuration.
Step 3 | Register your service as an OIDC client. Read: How to connect a new service to the Geant AAI Service.
Step 4 | The redirect_uri for your service is shown in the mod_auth_openidc configuration below.
Example mod_auth_openidc configuration
```apache
<VirtualHost *:443>
    OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
    OIDCClientID <CLIENT_ID>
    OIDCClientSecret <CLIENT_SECRET>
    OIDCRedirectURI https://<SERVER_FQDN>/redirect_uri
    OIDCCryptoPassphrase <RANDOM-LONG_STRING>

    # Available scopes can be found at:
    # https://wiki.geant.org/display/GSPP/Attributes+available+to+Connected+Services
    OIDCScope "openid email profile"

    # The configuration of your application goes here. If you want a specific
    # location to require OIDC authentication, see the example below.
    <Location "/<protected-resource>">
        # More information about authorization can be found here:
        # https://github.com/zmartzone/mod_auth_openidc/wiki/Authorization#1-mod_auth_openidc
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
```
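The placeholders in the configuration above are easy to leave in place, and the OIDC provider rejects a redirect URI that does not exactly match the one registered for the client. The following Python script is an added example, not part of this page or of mod_auth_openidc: it parses the `OIDC*` directives out of a VirtualHost block and reports the checks a deployer would otherwise do by hand. Both configuration samples inside it are constructed (the hostname `app.example.org`, the client id, secret and passphrase are invented values), and the list of registered redirect URIs stands in for what was registered at step 3.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the page's example VirtualHost with its placeholders
# still in place, i.e. the state a copy-paste deployment starts from.
TEMPLATE_CONFIG = """
<VirtualHost *:443>
    OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
    OIDCClientID <CLIENT_ID>
    OIDCClientSecret <CLIENT_SECRET>
    OIDCRedirectURI https://<SERVER_FQDN>/redirect_uri
    OIDCCryptoPassphrase <RANDOM-LONG_STRING>
    OIDCScope "openid email profile"
    <Location "/protected">
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
"""

# Constructed sample: the same block with the placeholders filled in
# (hostname, client id, secret and passphrase are invented values).
FILLED_CONFIG = """
<VirtualHost *:443>
    OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
    OIDCClientID demo-service-client
    OIDCClientSecret d3m0-s3cr3t-not-for-production
    OIDCRedirectURI https://app.example.org/protected/redirect_uri
    OIDCCryptoPassphrase 9f1c0b7e2a4d6c8e1b3f5a7d9c2e4b6f8a0d1c3e
    OIDCScope "openid email profile"
    <Location "/protected">
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
"""

REQUIRED = ("OIDCProviderMetadataURL", "OIDCClientID", "OIDCClientSecret",
            "OIDCRedirectURI", "OIDCCryptoPassphrase")
DIRECTIVE_RE = re.compile(r"^\s*(OIDC\w+)\s+(.+?)\s*$", re.MULTILINE)
PLACEHOLDER_RE = re.compile(r"<[A-Z][A-Z_-]*>")          # e.g. <CLIENT_ID>
LOCATION_RE = re.compile(r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>', re.S)


def parse_oidc_directives(config: str) -> dict:
    """Map each OIDC* directive to its unquoted value; the last one wins, as in Apache."""
    return {m.group(1): m.group(2).strip('"') for m in DIRECTIVE_RE.finditer(config)}


def protected_paths(config: str) -> list:
    """Paths of Location blocks that set AuthType openid-connect."""
    return [path for path, body in LOCATION_RE.findall(config)
            if re.search(r"AuthType\s+openid-connect", body)]


def lint_oidc_config(config: str, registered_redirect_uris: list) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    d = parse_oidc_directives(config)
    findings = []

    for key in REQUIRED:
        if key not in d:
            findings.append(f"{key}: missing")
        elif PLACEHOLDER_RE.search(d[key]):
            findings.append(f"{key}: placeholder not replaced")

    # The discovery document and the redirect travel over the network: require TLS.
    for key in ("OIDCProviderMetadataURL", "OIDCRedirectURI"):
        if key in d and urlsplit(d[key]).scheme != "https":
            findings.append(f"{key}: must use https")

    redirect = d.get("OIDCRedirectURI")
    if redirect and not PLACEHOLDER_RE.search(redirect):
        # The OP compares redirect URIs literally; a registration that differs in
        # scheme, host, port, path or a trailing slash is a mismatch.
        if redirect not in registered_redirect_uris:
            findings.append("OIDCRedirectURI: does not exactly match a registered redirect URI")
        # The module's sample auth_openidc.conf notes that the redirect URI must
        # point to a path protected by the module (and must serve no content).
        path = urlsplit(redirect).path
        if not any(path == p or path.startswith(p.rstrip("/") + "/") for p in protected_paths(config)):
            findings.append("OIDCRedirectURI: path is not inside a Location with AuthType openid-connect")

    passphrase = d.get("OIDCCryptoPassphrase", "")
    if passphrase and not PLACEHOLDER_RE.search(passphrase) and len(passphrase) < 32:
        findings.append("OIDCCryptoPassphrase: shorter than 32 characters")

    if not protected_paths(config):
        findings.append("no Location requires openid-connect authentication")

    return findings


if __name__ == "__main__":
    registered = ["https://app.example.org/protected/redirect_uri"]
    for name, cfg in (("template", TEMPLATE_CONFIG), ("filled", FILLED_CONFIG)):
        print(name, lint_oidc_config(cfg, registered) or "OK")
```

Run it against your own VirtualHost text with the redirect URI list copied from the client registration; the template sample produces four placeholder findings and the filled sample produces none. The 32-character threshold for `OIDCCryptoPassphrase` is a local policy choice in this example, not a value from the module.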
Create a target page below the /<protected-resource>/ location
```php
<!-- This example PHP page reads the claims that the OIDC module passes to the
     application after a successful login and displays them. -->
<html>
<body>
<h1>Hello, <?php echo htmlspecialchars($_SERVER['REMOTE_USER'] ?? ''); ?></h1>
<!-- By default the module passes claims both as request headers and as
     environment variables (OIDC_CLAIM_*); this page shows the headers. -->
<pre><?php print_r(array_map("htmlentities", apache_request_headers())); ?></pre>
<!-- Logout is triggered by calling the configured OIDCRedirectURI with a logout parameter. -->
<a href="/protected/redirect_uri?logout=https%3A%2F%2Flocalhost%2Floggedout.html">Logout</a>
</body>
</html>
```