49 lines
1.7 KiB
Text
49 lines
1.7 KiB
Text
[[_mod_auth_openidc]]
|
|
==== mod_auth_openidc Apache HTTPD Module
|
|
|
|
The https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc] is an Apache HTTP plugin for OpenID Connect. If your language/environment supports using Apache HTTPD
|
|
as a proxy, then you can use _mod_auth_openidc_ to secure your web application with OpenID Connect. Configuration of this module
|
|
is beyond the scope of this document. Please see the _mod_auth_openidc_ GitHub repo for more details on configuration.
|
|
|
|
To configure _mod_auth_openidc_ you'll need
|
|
|
|
* The client_id.
|
|
* The client_secret.
|
|
* The redirect_uri to your application.
|
|
* The Keycloak openid-configuration url
|
|
* _mod_auth_openidc_ specific Apache HTTPD module config.
|
|
|
|
An example configuration would look like the following.
|
|
|
|
[source,xml]
|
|
----
|
|
LoadModule auth_openidc_module modules/mod_auth_openidc.so
|
|
|
|
ServerName ${HOSTIP}
|
|
|
|
<VirtualHost *:80>
|
|
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
|
|
#this is required by mod_auth_openidc
|
|
OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
|
|
|
|
OIDCProviderMetadataURL ${KC_ADDR}/auth/realms/${KC_REALM}/.well-known/openid-configuration
|
|
|
|
OIDCClientID ${CLIENT_ID}
|
|
OIDCClientSecret ${CLIENT_SECRET}
|
|
OIDCRedirectURI http://${HOSTIP}/${CLIENT_APP_NAME}/redirect_uri
|
|
|
|
# maps the prefered_username claim to the REMOTE_USER environment variable
|
|
OIDCRemoteUserClaim preferred_username
|
|
|
|
<Location /${CLIENT_APP_NAME}/>
|
|
AuthType openid-connect
|
|
Require valid-user
|
|
</Location>
|
|
</VirtualHost>
|
|
----
|
|
|
|
Further information on how to configure mod_auth_openidc can be found on the https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc]
|
|
project page.
|