2016-06-06 08:22:23 +00:00
[[_mod_auth_openidc]]
2016-06-09 13:12:10 +00:00
==== mod_auth_openidc Apache HTTPD Module
2016-06-06 08:22:23 +00:00
2017-11-16 06:07:35 +00:00
The https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc] is an Apache HTTP plugin for OpenID Connect. If your language/environment supports using Apache HTTPD
2016-06-06 08:22:23 +00:00
as a proxy, then you can use _mod_auth_openidc_ to secure your web application with OpenID Connect. Configuration of this module
2018-01-25 08:35:22 +00:00
is beyond the scope of this document. Please see the _mod_auth_openidc_ GitHub repo for more details on configuration.
2016-06-06 08:22:23 +00:00
To configure _mod_auth_openidc_ you'll need
* The client_id.
* The client_secret.
* The redirect_uri to your application.
* The Keycloak openid-configuration url
* _mod_auth_openidc_ specific Apache HTTPD module config.
An example configuration would look like the following.
[source,xml]
----
LoadModule auth_openidc_module modules/mod_auth_openidc.so
ServerName ${HOSTIP}
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#this is required by mod_auth_openidc
OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
OIDCProviderMetadataURL ${KC_ADDR}/auth/realms/${KC_REALM}/.well-known/openid-configuration
OIDCClientID ${CLIENT_ID}
OIDCClientSecret ${CLIENT_SECRET}
OIDCRedirectURI http://${HOSTIP}/${CLIENT_APP_NAME}/redirect_uri
# maps the prefered_username claim to the REMOTE_USER environment variable
OIDCRemoteUserClaim preferred_username
<Location /${CLIENT_APP_NAME}/>
AuthType openid-connect
Require valid-user
</Location>
</VirtualHost>
----
2017-11-16 06:07:35 +00:00
Further information on how to configure mod_auth_openidc can be found on the https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc]
project page.