keycloak-scim/docs/guides/securing-apps/mod-auth-openidc.adoc

<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>

<@tmpl.guide
title="mod_auth_openidc Apache HTTPD Module"
priority=50
summary="Configuring the mod_auth_openidc Apache module with {project_name}">


WARNING: {project_name} does not provide any official support to mod_auth_openidc. The instructions below are best-effort and may not be up-to-date.
We recommend that you stick to official mod_auth_openidc documentation for more details.

The https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc] is an Apache HTTP plugin for OpenID Connect. If your language/environment supports using Apache HTTPD
as a proxy, then you can use _mod_auth_openidc_ to secure your web application with OpenID Connect.  Configuration of this module
is beyond the scope of this document.  Please see the _mod_auth_openidc_ GitHub repo for more details on configuration.

To configure _mod_auth_openidc_ you'll need

* The client_id.
* The client_secret.
* The redirect_uri to your application.
* The {project_name} openid-configuration url
* _mod_auth_openidc_ specific Apache HTTPD module config.

An example configuration would look like the following.

[source,subs="attributes+"]
----
LoadModule auth_openidc_module modules/mod_auth_openidc.so

ServerName ${r"${HOSTIP}"}

<VirtualHost *:80>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    #this is required by mod_auth_openidc
    OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer

    OIDCProviderMetadataURL ${r"${KC_ADDR}"}{kc_realms_path}/${r"${KC_REALM}"}/.well-known/openid-configuration

    OIDCClientID ${r"${CLIENT_ID}"}
    OIDCClientSecret ${r"${CLIENT_SECRET}"}
    OIDCRedirectURI http://${r"${HOSTIP}"}/${r"${CLIENT_APP_NAME}"}/redirect_uri

    # maps the preferred_username claim to the REMOTE_USER environment variable
    OIDCRemoteUserClaim preferred_username

    <Location /${r"${CLIENT_APP_NAME}"}/>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
----

Further information on how to configure mod_auth_openidc can be found on the https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc]
project page.

</@tmpl.guide>
Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`<#import "/templates/guide.adoc" as tmpl>`
			`<#import "/templates/links.adoc" as links>`

			`<@tmpl.guide`
			`title="mod_auth_openidc Apache HTTPD Module"`
Convert chapter planning for securing applications and services to guides Final removal of the securing_apps documentation Final checks for links, order and other minor things Closes #31328 Signed-off-by: rmartinc <rmartinc@redhat.com> 2024-07-31 08:20:50 +00:00			`priority=50`
Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`summary="Configuring the mod_auth_openidc Apache module with {project_name}">`

Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00
Update documentation after adapters removal closes #28792 Signed-off-by: mposolda <mposolda@gmail.com> 2024-05-20 11:05:32 +00:00			`WARNING: {project_name} does not provide any official support to mod_auth_openidc. The instructions below are best-effort and may not be up-to-date.`
			`We recommend that you stick to official mod_auth_openidc documentation for more details.`

Fix links (#1802) 2023-03-20 07:06:58 +00:00			`The https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc] is an Apache HTTP plugin for OpenID Connect. If your language/environment supports using Apache HTTPD`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00			`as a proxy, then you can use _mod_auth_openidc_ to secure your web application with OpenID Connect. Configuration of this module`
Fix typos in Server Admin 2018-01-25 08:35:22 +00:00			`is beyond the scope of this document. Please see the _mod_auth_openidc_ GitHub repo for more details on configuration.`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00
			`To configure _mod_auth_openidc_ you'll need`

			`* The client_id.`
			`* The client_secret.`
			`* The redirect_uri to your application.`
Add attributes.adoc for guides to share common attributes (#24519) 2023-11-08 14:09:04 +00:00			`* The {project_name} openid-configuration url`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00			`* _mod_auth_openidc_ specific Apache HTTPD module config.`

			`An example configuration would look like the following.`

Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`[source,subs="attributes+"]`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00			`----`
			`LoadModule auth_openidc_module modules/mod_auth_openidc.so`

Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`ServerName ${r"${HOSTIP}"}`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00
			`<VirtualHost *:80>`

			`ServerAdmin webmaster@localhost`
			`DocumentRoot /var/www/html`

			`#this is required by mod_auth_openidc`
			`OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer`

Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`OIDCProviderMetadataURL ${r"${KC_ADDR}"}{kc_realms_path}/${r"${KC_REALM}"}/.well-known/openid-configuration`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00
Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`OIDCClientID ${r"${CLIENT_ID}"}`
			`OIDCClientSecret ${r"${CLIENT_SECRET}"}`
			`OIDCRedirectURI http://${r"${HOSTIP}"}/${r"${CLIENT_APP_NAME}"}/redirect_uri`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00
Fix minor typos in the 'Securing Applications and Services' guide (#1704) 2022-10-19 06:49:23 +00:00			`# maps the preferred_username claim to the REMOTE_USER environment variable`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00			`OIDCRemoteUserClaim preferred_username`

Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00			`<Location /${r"${CLIENT_APP_NAME}"}/>`
Fix #11: Document integration with Apache module mod_auth_openidc 2016-06-06 08:22:23 +00:00			`AuthType openid-connect`
			`Require valid-user`
			`</Location>`
			`</VirtualHost>`
			`----`

Fix links (#1802) 2023-03-20 07:06:58 +00:00			`Further information on how to configure mod_auth_openidc can be found on the https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc]`
Fix links 2017-11-16 06:07:35 +00:00			`project page.`
Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> 2024-07-30 09:45:27 +00:00
			`</@tmpl.guide>`