mod_auth_openidc documentation

You can read the documentation of mod_auth_openidc at https://github.com/zmartzone/mod_auth_openidc/wiki

Steps


Step 1: Install mod_auth_openidc using the package manager of your Linux distribution.
Step 2: Make sure that the module is enabled in your Apache configuration.
Step 3: Register your service as an OIDC client. Read: How to connect a new service to the Geant AAI Service.
Step 4: The redirect_uri you register for your service is the OIDCRedirectURI shown in the mod_auth_openidc configuration below.

Example mod_auth_openidc configuration


<VirtualHost *:443>

  # This file holds the client secret: keep it readable by root only.
  OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
  OIDCClientID <CLIENT_ID>
  OIDCClientSecret <CLIENT_SECRET>
  OIDCRedirectURI https://<SERVER_FQDN>/redirect_uri
  # A long random string; the module uses it to encrypt its session cookies
  # and cache entries. Generate it, do not type it.
  OIDCCryptoPassphrase <RANDOM-LONG_STRING>

  # Available scopes can be found at:
  # https://wiki.geant.org/display/GSPP/Attributes+available+to+Connected+Services
  OIDCScope "openid email profile"

  # The redirect URI is a vanity URL that must point to a path protected by
  # this module but must NOT serve any content, so protect that path too.
  <Location /redirect_uri>
    AuthType openid-connect
    Require valid-user
  </Location>

  # The configuration of your application goes here.
  # To require OIDC authentication for a specific location, use the block
  # below and replace /<protected-resource> with the path to protect.
  <Location "/<protected-resource>">

    # More information about authorization can be found here:
    # https://github.com/zmartzone/mod_auth_openidc/wiki/Authorization#1-mod_auth_openidc
    AuthType openid-connect
    Require valid-user

  </Location>

</VirtualHost>
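The mistakes that most often stop this configuration from working are placeholders left in, an http:// redirect URI, a redirect URI path that no <Location> with AuthType openid-connect covers, a short crypto passphrase and a scope list without "openid". The checker below flags all of them before you reload Apache. It is an added example for this page, not code from the GÉANT wiki or from mod_auth_openidc; it only understands the directives used above, the two configuration samples inside it are constructed (the hostname, client ID, secret and passphrase are made up), and the 32-character passphrase minimum is this example's own assumption, not a module requirement.

```python
"""Static sanity check for a mod_auth_openidc VirtualHost fragment.

Added example for this page, not code from the GEANT wiki or from
mod_auth_openidc. It understands only the directives used on the page
and runs offline on the two constructed fragments below. The passphrase
length threshold is this example's own assumption.
"""
import re
from urllib.parse import urlparse

REQUIRED = (
    "OIDCProviderMetadataURL", "OIDCClientID", "OIDCClientSecret",
    "OIDCRedirectURI", "OIDCCryptoPassphrase",
)
MIN_PASSPHRASE_LEN = 32  # assumption for this example; the module only says "long"

# Constructed: the page's fragment with made-up values filled in and the
# redirect URI path protected by its own <Location>.
GOOD_CONFIG = """
<VirtualHost *:443>
  OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
  OIDCClientID example-client
  OIDCClientSecret 0c9f1f6a1d3e4b8c9e2f7a5b6c1d2e3f
  OIDCRedirectURI https://sp.example.org/redirect_uri
  OIDCCryptoPassphrase 4f8a0c2e6b1d9e7f3a5c8b2d4e6f0a1c3b5d7e9f
  OIDCScope "openid email profile"
  <Location /redirect_uri>
    AuthType openid-connect
    Require valid-user
  </Location>
  <Location /protected>
    AuthType openid-connect
    Require valid-user
  </Location>
</VirtualHost>
"""

# Constructed: the same fragment with placeholders left in, an http redirect
# URI, a weak passphrase, no "openid" scope and an unprotected redirect path.
BAD_CONFIG = """
<VirtualHost *:443>
  OIDCProviderMetadataURL https://proxy.aai.geant.org/.well-known/openid-configuration
  OIDCClientID <CLIENT_ID>
  OIDCClientSecret <CLIENT_SECRET>
  OIDCRedirectURI http://sp.example.org/redirect_uri
  OIDCCryptoPassphrase changeme
  OIDCScope "email profile"
  <Location /protected>
    AuthType openid-connect
    Require valid-user
  </Location>
</VirtualHost>
"""


def parse_config(text):
    """Return (top-level directives, [(location path, directives)]).

    '#' comments and blank lines are skipped; sections other than
    <Location> are ignored, which is enough for the fragment on this page.
    """
    top, locations, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^<Location\s+"?([^"\s>]+)"?\s*>$', line, re.IGNORECASE)
        if m:
            current = {}
            locations.append((m.group(1), current))
            continue
        if line.lower() == "</location>":
            current = None
            continue
        if line.startswith("<"):  # <VirtualHost ...> and </VirtualHost>
            continue
        key, _, value = line.partition(" ")
        target = current if current is not None else top
        target[key] = value.strip().strip('"')
    return top, locations


def check_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    top, locations = parse_config(text)

    for key in REQUIRED:
        if key not in top:
            findings.append(f"{key} is missing")
    for key, value in top.items():
        if key.startswith("OIDC") and re.search(r"<[^>]*>", value):
            findings.append(f"{key} still contains a placeholder: {value}")

    if urlparse(top.get("OIDCProviderMetadataURL", "")).scheme != "https":
        findings.append("OIDCProviderMetadataURL must use https")

    redirect = urlparse(top.get("OIDCRedirectURI", ""))
    if redirect.scheme != "https":
        findings.append("OIDCRedirectURI must use https")
    # The module handles the callback only on a path it protects, so the
    # redirect URI path must sit under a <Location> with AuthType openid-connect.
    protected = [p for p, d in locations
                 if d.get("AuthType", "").lower() == "openid-connect"]
    if redirect.path and not any(
            redirect.path == p or redirect.path.startswith(p.rstrip("/") + "/")
            for p in protected):
        findings.append(f"OIDCRedirectURI path {redirect.path} is not inside a "
                        "<Location> with AuthType openid-connect")

    if len(top.get("OIDCCryptoPassphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append(f"OIDCCryptoPassphrase is shorter than {MIN_PASSPHRASE_LEN} characters")

    if "openid" not in top.get("OIDCScope", "").split():
        findings.append('OIDCScope must include "openid"')

    return findings


if __name__ == "__main__":
    for name, cfg in (("GOOD_CONFIG", GOOD_CONFIG), ("BAD_CONFIG", BAD_CONFIG)):
        print(name, check_config(cfg) or ["ok"])
```

Run it against a copy of your own VirtualHost fragment (replace the sample text) before `apachectl configtest`; an empty list means none of the checks fired, not that the configuration is complete.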

Create a target page below the /<protected-resource> location


<!--
This example PHP page reads the authenticated user (REMOTE_USER) and the
claims the OIDC module passes to the application as request headers after
a successful login, and displays them. It is a test page only: it echoes
every request header, so remove it once the integration works.
-->
<html>
  <body>
    <h1>Hello, <?php echo htmlentities($_SERVER['REMOTE_USER']); ?></h1>
    <pre><?php print_r(array_map("htmlentities", apache_request_headers())); ?></pre>
    <!--
    Logout goes through the OIDCRedirectURI configured above; the logout
    parameter is the URL-encoded absolute URL of a page on this server.
    -->
    <a href="/redirect_uri?logout=https%3A%2F%2F<SERVER_FQDN>%2Floggedout.html">Logout</a>
  </body>
</html>