Apache Tutorial
Welcome to the Apache setup tutorial. This tutorial will guide you through the steps to integrate AuthSezam with Apache.
I - Technical Prerequisites
To set up mod_auth_openidc, you must have:
- Your application on an Apache2 web server
- For the provided examples, a PHP installation (optional)
- Basic bash knowledge (Linux)
- Basic knowledge of Apache2 configuration
- Have the following variables available:
  - $realmName = the name of your realm*
  - $clientId = the name of the client*
  - $domaineNameAuth = the domain name for authentication*
  - $domaineNameApp = the domain name of your application
  - $clientSecret = the client secret*
  - $protectedWebSite = the relative path where the part of your site that requires authentication is located*
  - $password = a password specific to your configuration (for encryption); you can use this command to generate it from your terminal:
    echo $(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 60 ; echo '')

*Provided by us in a separate document
II - Installing the Components
You can install the components on an Ubuntu base, for example with these commands:
sudo apt-get install libapache2-mod-auth-openidc
sudo a2enmod auth_openidc
sudo service apache2 restart
III - Configuring the Components
To set up mod_auth_openidc, you need to modify the Apache configuration of your web server with the properties below:
# Add this code within the <VirtualHost> tag in the Apache configuration file of your application, replacing the variables.
OIDCXForwardedHeaders X-Forwarded-Host
OIDCXForwardedHeaders X-Forwarded-Proto
OIDCXForwardedHeaders X-Forwarded-Port
OIDCCryptoPassphrase $password
OIDCProviderMetadataURL https://$domaineNameAuth/realms/$realmName/.well-known/openid-configuration
OIDCClientID $clientId
OIDCClientSecret $clientSecret
OIDCRedirectURI https://$domaineNameApp/log/redirect
OIDCHTMLErrorTemplate /var/www/$domaineNameApp/OIDCHTMLErrorTemplate/OIDCHTMLErrorTemplate
<Location /$protectedWebSite>
    AuthType openid-connect
    Require valid-user
</Location>
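A pre-deployment check for the configuration above, written as an added example that is not part of the original tutorial or of mod_auth_openidc. It flags template variables left unreplaced, a short passphrase, non-HTTPS URLs, and an OIDCRedirectURI whose path is not under a Location that sets AuthType openid-connect, which the module needs in order to handle the provider's callback. The 32-character floor, the finding messages and every value in the sample are assumptions made for the example.

```python
import re
from urllib.parse import urlparse
MIN_PASSPHRASE_LEN = 32  # assumed floor; the tutorial's generator emits 60 characters

def covers(location, path):  # <Location> matches on path-segment boundaries
    base = location.rstrip("/")
    return path == base or path.startswith(base + "/")

def lint_oidc_vhost(conf):
    """Return findings for a mod_auth_openidc vhost snippet (empty list = clean)."""
    directives, protected, location, findings = {}, [], None, []
    for number, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.search(r"\$[A-Za-z]", line):  # heuristic: $name left from the template
            findings.append(f"line {number}: placeholder not replaced")
        opened = re.match(r'<Location\s+"?([^\s">]+)"?\s*>', line, re.I)
        if opened:
            location = opened.group(1)
        elif line.lower().startswith("</location"):
            location = None
        elif location and re.match(r"AuthType\s+openid-connect\b", line, re.I):
            protected.append(location)
        elif location is None:  # server-level directive; names are case-insensitive
            name, *rest = line.split(None, 1)
            directives[name.lower()] = rest[0] if rest else ""
    if len(directives.get("oidccryptopassphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append("OIDCCryptoPassphrase: missing or too short")
    for name in ("OIDCProviderMetadataURL", "OIDCRedirectURI"):
        if urlparse(directives.get(name.lower(), "")).scheme != "https":
            findings.append(f"{name}: missing or not https")
    redirect_path = urlparse(directives.get("oidcredirecturi", "")).path
    if not any(covers(loc, redirect_path) for loc in protected):
        findings.append("OIDCRedirectURI: path is outside every openid-connect Location")
    return findings

# Constructed sample: the tutorial's template filled with made-up values.
SAMPLE = """\
OIDCCryptoPassphrase Zq3vT8mKx0Lr5Wc9Yb2Nf7Hd4Js6Pg1AeUoIiRtBkVnMhXwCyDlGzQpSjFu7
OIDCProviderMetadataURL https://auth.example.test/realms/demo/.well-known/openid-configuration
OIDCClientSecret constructed-secret
OIDCRedirectURI https://app.example.test/log/redirect
<Location /private>
AuthType openid-connect
Require valid-user
</Location>
"""
print(lint_oidc_vhost(SAMPLE))
```

In the sample the protected path is /private while the redirect URI stays at /log/redirect, so the only finding is the redirect-path one; changing the Location to /log clears it.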
IV - Testing and Validation
To test the authentication functionality, you can copy the code below into an index.html file in /var/www/$domaineNameApp, replacing the href in the <a> tag. You must also set up the corresponding Apache configuration.
Example href value: https://domainname/protectedpath
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>tuto openid</title>
  </head>
  <body
    style="margin: 0; width: 100vw; height: 100vh; background-color: #17375E; display: flex; align-items: center; justify-content: center;"
  >
    <a
      href="https://$domaineNameApp/$protectedWebSite"
      class="button"
      style="display: flex; align-items: center; justify-content: center; color: #000000; background-color: #FFFF; width: 8rem; height: 3rem; border-radius: 1rem; border-style: none; text-decoration: none;"
    >Login</a>
  </body>
</html>