Apache Tutorial

This tutorial will guide you through the steps to integrate AuthSezam IAM/CIAM with Apache.

I - Technical Prerequisites

To set up mod_auth_openidc, you must have:

  • Your application on an Apache2 web server
  • For the provided examples, a PHP installation (optional)
  • Basic bash knowledge (Linux)
  • Basic knowledge of Apache2 configuration
  • The following variables available:
    • $clientId = OIDC client id*
    • $clientSecret = OIDC client secret*
    • $authBaseUrl = authentication base URL*
    • $realm = name of your realm*
    • $appDomainName = your application's domain name
    • $protectedPath = the relative path where the part of your site that requires authentication is located
    • $password = a password specific to your configuration (used for encryption); you can generate one from your terminal with this command: LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 60; echo

*Provided by the OpenSezam team in a private communication.

II - Installing

Install mod_auth_openidc. For example, on an Ubuntu system you could use these commands:

sudo apt-get install libapache2-mod-auth-openidc
sudo a2enmod auth_openidc
sudo service apache2 restart

III - Configuring

Modify the Apache configuration with the properties below:

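# Add this code within the <VirtualHost> tag in the Apache configuration file of your application, replacing the variables.
# X-Forwarded-* headers, as set by a reverse proxy in front of Apache, that the module takes into account
OIDCXForwardedHeaders X-Forwarded-Host
OIDCXForwardedHeaders X-Forwarded-Proto
OIDCXForwardedHeaders X-Forwarded-Port
# Passphrase used by the module for encryption (see $password in the prerequisites)
OIDCCryptoPassphrase $password
OIDCProviderMetadataURL https://$authBaseUrl/realms/$realm/.well-known/openid-configuration
OIDCClientID $clientId
OIDCClientSecret $clientSecret
# Vanity URL handled by the module itself: it must sit in a location protected by the module and must not point to real content
OIDCRedirectURI https://$appDomainName/log/redirect
OIDCHTMLErrorTemplate /var/www/$appDomainName/OIDCHTMLErrorTemplate/OIDCHTMLErrorTemplate
# Require an authenticated OIDC session for everything under the protected path
<Location /$protectedPath>
    AuthType openid-connect
    Require valid-user
</Location>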
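
Before restarting Apache, the edited file can be checked for leftover placeholders, non-https URLs, a short passphrase and loose file permissions. The script below is an added example, not part of the AuthSezam tutorial; the function name check_oidc_vhost, the 60-character threshold and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the AuthSezam tutorial): lint a vhost file built
# from the section III snippet. Prints one line per finding and returns the
# number of findings (0 = clean).
check_oidc_vhost() {
    f=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. Tutorial placeholders that were never substituted (comments ignored).
    if grep -v '^[[:space:]]*#' "$f" |
        grep -Eq '\$(password|clientId|clientSecret|authBaseUrl|realm|appDomainName|protectedPath)'; then
        note "unreplaced tutorial placeholder"
    fi

    # 2. Provider metadata and redirect URI must both be https URLs.
    for d in OIDCProviderMetadataURL OIDCRedirectURI; do
        v=$(awk -v d="$d" '$1 == d { print $2 }' "$f")
        case $v in
            https://*) ;;
            *) note "$d is missing or not https" ;;
        esac
    done

    # 3. Passphrase length; 60 is what the tutorial's generator produces
    #    (threshold chosen for this example).
    p=$(awk '$1 == "OIDCCryptoPassphrase" { print $2 }' "$f")
    [ "${#p}" -ge 60 ] || note "OIDCCryptoPassphrase shorter than 60 characters"

    # 4. The file holds the client secret and passphrase: no world-read bit.
    if [ -n "$(find "$f" -perm -004)" ]; then
        note "file is world-readable"
    fi
    return "$findings"
}

# Constructed sample: section III pasted without substituting anything.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OIDCCryptoPassphrase $password
OIDCProviderMetadataURL https://$authBaseUrl/realms/$realm/.well-known/openid-configuration
OIDCClientID $clientId
OIDCClientSecret $clientSecret
OIDCRedirectURI https://$appDomainName/log/redirect
EOF
chmod 644 "$sample"
check_oidc_vhost "$sample" || echo "$? finding(s) in constructed sample"
rm -f "$sample"
```
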

IV - Testing and Validation

To test the authentication feature, copy the code below into an index.html file in /var/www/$appDomainName, replacing the href property of the <a> tag (example: https://domainname/protectedpath). You must also set up the Apache configuration accordingly.

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>tuto openid</title>
</head>
<body style="margin: 0; width: 100vw; height: 100vh; background-color: #17375E; display: flex; align-items: center; justify-content: center;">
  <a
    href="https://$appDomainName/$protectedPath"
    class="button"
    style="display: flex; align-items: center; justify-content: center; color: #000000; background-color: #FFFF; width: 8rem; height: 3rem; border-radius: 1rem; border-style: none; text-decoration: none;"
  >Login</a>
</body>
</html>