libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/guides/securing-apps/mod-auth-openidc.adoc
rmartinc 942d5d0aa3 Convert chapter planning for securing applications and services to guides 
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-01 16:45:56 +02:00

60 lines
2.2 KiB
Text
Raw Blame History

<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="mod_auth_openidc Apache HTTPD Module"
priority=50
summary="Configuring the mod_auth_openidc Apache module with {project_name}">
WARNING: {project_name} does not provide any official support to mod_auth_openidc. The instructions below are best-effort and may not be up-to-date.
We recommend that you stick to official mod_auth_openidc documentation for more details.
The https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc] is an Apache HTTP plugin for OpenID Connect. If your language/environment supports using Apache HTTPD
as a proxy, then you can use _mod_auth_openidc_ to secure your web application with OpenID Connect. Configuration of this module
is beyond the scope of this document. Please see the _mod_auth_openidc_ GitHub repo for more details on configuration.
To configure _mod_auth_openidc_ you'll need
* The client_id.
* The client_secret.
* The redirect_uri to your application.
* The {project_name} openid-configuration url
* _mod_auth_openidc_ specific Apache HTTPD module config.
An example configuration would look like the following.
[source,subs="attributes+"]
----
LoadModule auth_openidc_module modules/mod_auth_openidc.so
ServerName ${r"${HOSTIP}"}
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#this is required by mod_auth_openidc
OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
OIDCProviderMetadataURL ${r"${KC_ADDR}"}{kc_realms_path}/${r"${KC_REALM}"}/.well-known/openid-configuration
OIDCClientID ${r"${CLIENT_ID}"}
OIDCClientSecret ${r"${CLIENT_SECRET}"}
OIDCRedirectURI http://${r"${HOSTIP}"}/${r"${CLIENT_APP_NAME}"}/redirect_uri
# maps the preferred_username claim to the REMOTE_USER environment variable
OIDCRemoteUserClaim preferred_username
<Location /${r"${CLIENT_APP_NAME}"}/>
AuthType openid-connect
Require valid-user
</Location>
</VirtualHost>
----
Further information on how to configure mod_auth_openidc can be found on the https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc]
project page.
</@tmpl.guide>
Reference in a new issue View git blame Copy permalink