Apache integration - OpenID Connect
Requirements
This integration guide was written for Ubuntu Linux and Apache2. For other Linux distributions, adjust the instructions accordingly.
Buypass Code OpenID Connect provides authentication through mobile phone numbers. The published web application must perform the authorization of its users.
The user's mobile number is passed to the application in an HTTP header.
Prerequisites
- Web site published by Apache web server.
- OpenID Connect configuration acquired from Buypass.
- Knowledge of the Apache OIDC module to be used, https://github.com/zmartzone/mod_auth_openidc.
Integration
Install Connect module
Run commands:
- sudo apt-get update
- sudo apt-get install libapache2-mod-auth-openidc
OpenID Connect configuration
Edit auth_openidc.conf with the OIDC configuration parameters. On Ubuntu the file is located in mods-available/; on Red Hat it is in conf.d/. The passphrase and client secret shown below are sample values.
OIDCRedirectURI https://testoidc.bpcodedemo.no/secure/redirect_uri
OIDCCryptoPassPhrase secretpassphrase12345
OIDCProviderMetadataURL https://auth.code.buypass.no/auth/realms/bpcode/.well-known/openid-configuration
OIDCClientID apache-demo
OIDCClientSecret clientsecret12345
OIDCScope "openid email profile"
OIDCRemoteUserClaim preferred_username
Enable the OpenID Connect module with the following command:
sudo a2enmod auth_openidc
Enable OpenID Connect authentication for the website to be secured. This is typically done in the sites-enabled folder.
<Directory "/var/www/html">
AuthType openid-connect
Require valid-user
</Directory>
Enable passing of the user identity in an HTTP header with the following command:
sudo a2enmod headers
Verification
To verify that the user identity is passed in the HTTP header, create a sample PHP file, e.g. index.php.
<html>
<body>
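<h1>Hello, <?php echo htmlspecialchars($_SERVER['REMOTE_USER'] ?? '', ENT_QUOTES, 'UTF-8'); ?></h1>
<pre><?php print_r(array_map("htmlentities", apache_request_headers())); ?></pre>
<!-- The logout link must use the path configured in OIDCRedirectURI -->
<a href="/secure/redirect_uri?logout=https%3A%2F%2Flocalhost%2Floggedout.html">Logout</a>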
</body>
</html>
Remember to install PHP in Apache for successful verification.
sudo apt-get install php libapache2-mod-php
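The requirements above leave authorization to the published application. The following PHP file is an added example, not part of the original guide or of Buypass's code: it checks the REMOTE_USER value set by mod_auth_openidc against an allow-list and denies access when the identity is missing or malformed. The allow-list, the function names and the assumption that the preferred_username claim carries the mobile number in international format are illustrative.

```php
<?php
// Added example. ALLOWED_NUMBERS, normalize_msisdn() and is_authorized() are
// hypothetical names; the numbers are constructed sample values.
const ALLOWED_NUMBERS = ['+47 912 34 567', '+4798765432'];

// Reduce a phone number to "+<digits>" so formatting differences do not
// affect the comparison. Returns null for anything that is not a number in
// international format (assumption: the claim carries such a number).
function normalize_msisdn($raw)
{
    if (!is_string($raw)) {
        return null;
    }
    // Strip separators: whitespace, dashes, dots, parentheses.
    $n = (string) preg_replace('/[\s\-().]/', '', $raw);
    if (substr($n, 0, 2) === '00') {
        $n = '+' . substr($n, 2);   // 0047... -> +47...
    }
    return preg_match('/^\+[1-9][0-9]{6,14}$/', $n) === 1 ? $n : null;
}

// True only when REMOTE_USER is present, well formed and on the allow-list.
function is_authorized(array $server, array $allowed)
{
    $user = normalize_msisdn($server['REMOTE_USER'] ?? null);
    if ($user === null) {
        return false;               // fail closed: no identity, no access
    }
    return in_array($user, array_map('normalize_msisdn', $allowed), true);
}

if (PHP_SAPI === 'cli') {
    // Constructed requests to show the decision for each case.
    $samples = ['+4791234567', '0047 98765432', '+4790000000', 'alice', null];
    foreach ($samples as $value) {
        $server = $value === null ? [] : ['REMOTE_USER' => $value];
        printf("%-16s %s\n", var_export($value, true),
            is_authorized($server, ALLOWED_NUMBERS) ? 'allow' : 'deny');
    }
} elseif (!is_authorized($_SERVER, ALLOWED_NUMBERS)) {
    // Behind Apache: stop before any protected content is produced.
    http_response_code(403);
    exit('Forbidden');
}
```

Run from the command line, the file prints the decision for each constructed request; included at the top of a protected page, it returns 403 for users who are authenticated but not on the list.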