Apache integration - OpenID Connect


Requirements

This integration guide was created using Ubuntu Linux and Apache2. For other Linux distributions, adjust the instructions accordingly.
Buypass Code OpenID Connect provides authentication through mobile phone numbers. The published web application must perform the authorization of its users.
The user's mobile number is passed to the application in an HTTP header.

Prerequisites

Integration

Install Connect module

Run commands:

  • sudo apt-get update
  • sudo apt-get install libapache2-mod-auth-openidc


OpenID Connect configuration

Edit auth_openidc.conf with the OIDC configuration parameters. On Ubuntu the file is located in mods-available/; on Red Hat it is in conf.d/. The passphrase and client secret shown below are sample values; replace them with your own.

OIDCRedirectURI https://testoidc.bpcodedemo.no/secure/redirect_uri

OIDCCryptoPassPhrase secretpassphrase12345

OIDCProviderMetadataURL https://auth.code.buypass.no/auth/realms/bpcode/.well-known/openid-configuration

OIDCClientID apache-demo

OIDCClientSecret clientsecret12345

OIDCScope "openid email profile"

OIDCRemoteUserClaim preferred_username


Enable the OpenID Connect module with the following command:

sudo a2enmod auth_openidc


Enable OpenID Connect authentication for the website to be secured. This is typically done in the sites-enabled folder.

<Directory "/var/www/html">

AuthType openid-connect

Require valid-user

</Directory>


Enable passing of the user identity through an HTTP header with the following command:

sudo a2enmod headers


Verification

To verify that the user identity is passed in the HTTP header, create a sample PHP file, e.g. index.php. Remove the file after verification, since it prints every request header, including cookies.

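<html>
<body>
<!-- REMOTE_USER is set by mod_auth_openidc from the OIDCRemoteUserClaim; escape it before output -->
<h1>Hello, <?php echo htmlspecialchars($_SERVER['REMOTE_USER'] ?? '', ENT_QUOTES, 'UTF-8'); ?></h1>
<!-- Dump of the request headers, HTML-escaped -->
<pre><?php print_r(array_map("htmlentities", apache_request_headers())); ?></pre>
<!-- The logout link must use the path configured in OIDCRedirectURI -->
<a href="/secure/redirect_uri?logout=https%3A%2F%2Flocalhost%2Floggedout.html">Logout</a>
</body>
</html>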

Remember to install PHP in Apache for successful verification.

sudo apt-get install php libapache2-mod-php
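
The requirement stated at the top of this guide, that the published web application authorizes its users itself, is illustrated by the following added example, which is not part of the original guide or of Buypass code. ALLOWED_NUMBERS, normalize_msisdn() and is_authorized() are hypothetical names, the listed numbers are constructed, and the example assumes REMOTE_USER carries the mobile number in international format.

```php
<?php
// Added example: application-side authorization on the identity that
// mod_auth_openidc places in REMOTE_USER (OIDCRemoteUserClaim preferred_username).
// Assumption: the claim value is a mobile number in international format.

const ALLOWED_NUMBERS = ['+4799999999', '+4790000000']; // constructed sample values

// Reduce a number to "+<digits>" so formatting differences do not matter.
// Returns null when the value does not look like an international number.
function normalize_msisdn(string $raw): ?string
{
    $s = preg_replace('/[\s\-()]/', '', trim($raw));
    if ($s === null) {
        return null;
    }
    if (strncmp($s, '00', 2) === 0) {
        $s = '+' . substr($s, 2); // 0047... becomes +47...
    }
    return preg_match('/^\+\d{8,15}$/', $s) === 1 ? $s : null;
}

// Fail closed: a missing or malformed identity is never authorized.
function is_authorized(?string $remoteUser, array $allowed): bool
{
    if ($remoteUser === null || $remoteUser === '') {
        return false;
    }
    $number = normalize_msisdn($remoteUser);
    return $number !== null && in_array($number, $allowed, true);
}

// Read the identity from REMOTE_USER, which Apache sets after authentication,
// not from a request header obtained with apache_request_headers().
$user = $_SERVER['REMOTE_USER'] ?? null;
if (!is_authorized($user, ALLOWED_NUMBERS)) {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    exit("Forbidden\n");
}
echo 'Authorized as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

"Require valid-user" in the Apache configuration only establishes that someone authenticated; the allow-list check above is what restricts access to specific users.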

