mod_auth_openidc documentation
You can read the documentation of mod_auth_openidc at https://github.com/zmartzone/mod_auth_openidc/wiki
Steps
| Step | Action |
|---|---|
| Step 1 | Install mod_auth_openidc. Use the package manager of your Linux distribution. |
| Step 2 | Make sure that the module is enabled in your Apache configuration. |
| Step 3 | Register your service as an OIDC client. Read: How to connect a new service to the Geant AAI Service. |
| Step 4 | The redirect_uri for your service is shown in the mod_auth_openidc configuration below. |
Example mod_auth_openidc configuration
<VirtualHost *:443>
    OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
    OIDCClientID <CLIENT_ID>
    OIDCClientSecret <CLIENT_SECRET>
    # The redirect URI must be a path inside a location protected by
    # mod_auth_openidc and must not point to any real content.
    OIDCRedirectURI https://<SERVER_FQDN>/<protected-resource>/redirect_uri
    OIDCCryptoPassphrase <RANDOM-LONG_STRING>

    # Available scopes can be found at:
    # https://wiki.geant.org/display/GSPP/Attributes+available+to+Connected+Services
    OIDCScope "openid email profile"

    # The configuration of your application goes here.
    # If you want to configure a specific location to require
    # OIDC authentication, see the example below.

    <Location /<protected-resource>>
        # More information about authorization can be found here:
        # https://github.com/zmartzone/mod_auth_openidc/wiki/Authorization#1-mod_auth_openidc
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
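A pre-deployment check for a configuration like the one above, given as an added example that is not part of the original page or of mod_auth_openidc. It flags leftover placeholders, a non-HTTPS redirect URI, a redirect URI outside every location with AuthType openid-connect (where the module would not handle the callback), and a short passphrase. The finding names, the sample values and the 32-character threshold are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a vhost with made-up values and three deliberate mistakes.
SAMPLE_CONF = """\
<VirtualHost *:443>
    OIDCClientID <CLIENT_ID>
    OIDCRedirectURI https://service.example.org/redirect_uri
    OIDCCryptoPassphrase changeme
    <Location /protected>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
"""
MIN_PASSPHRASE_LEN = 32  # assumption of this example, not a module requirement

def check_oidc_conf(text):
    """Return a sorted list of finding codes for a mod_auth_openidc vhost."""
    findings, directives, protected, location = set(), {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r'<Location\s+"?([^\s">]+)"?>$', line, re.I)
        if opened:
            location = opened.group(1)
        elif line.lower() == "</location>":
            location = None
        elif line and not line.startswith(("#", "<")):
            name, value = (line.split(None, 1) + [""])[:2]
            name, value = name.lower(), value.strip().strip('"')
            directives[name] = value
            if location and name == "authtype" and value.lower() == "openid-connect":
                protected.append(location.rstrip("/"))
            if re.search(r"<[^<>]+>", value):  # unfilled <PLACEHOLDER>
                findings.add("placeholder:" + name)
    uri = urlparse(directives.get("oidcredirecturi", ""))
    if uri.scheme != "https":
        findings.add("redirect-uri-not-https")
    # The callback is only handled where AuthType openid-connect applies.
    if not any(uri.path == p or uri.path.startswith(p + "/") for p in protected):
        findings.add("redirect-uri-outside-protected-location")
    if len(directives.get("oidccryptopassphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.add("short-crypto-passphrase")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_oidc_conf(SAMPLE_CONF):
        print(finding)
```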
Create a target page below the /<protected-resource>/ location
<!--
This example PHP page reads the user name and the request headers set by the
OIDC module after a successful login and displays them, HTML-escaped.
The logout link must point at the OIDCRedirectURI path; adjust /protected
and the post-logout URL to your deployment.
-->
<html>
<body>
<h1>Hello, <?php echo htmlentities($_SERVER['REMOTE_USER']); ?></h1>
<pre><?php print_r(array_map("htmlentities", apache_request_headers())); ?></pre>
<a href="/protected/redirect_uri?logout=https%3A%2F%2Flocalhost%2Floggedout.html">Logout</a>
</body>
</html>