
Apache Tutorial

Welcome to the Apache setup tutorial. This tutorial will guide you through the steps to integrate AuthSezam with Apache.

Watch the following video for a quick overview of the integration process and its benefits.

I - Technical Prerequisites

To set up mod_auth_openidc, you must have:

  • Your application on an Apache2 web server
  • For the provided examples, a PHP installation (optional)
  • Basic bash knowledge (Linux)
  • Basic knowledge of Apache2 configuration
  • The following variables available:
    • $realmName = the name of your realm*
    • $clientId = the name of the client*
    • $domaineNameAuth = the domain name for authentication*
    • $domaineNameApp = the domain name of your application
    • $clientSecret = the client secret*
    • $protectedWebSite = the relative path where the part of your site that requires authentication is located*
    • $password = a password specific to your configuration (used for encryption). You can generate it from your terminal with this command: LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 60; echo

*Provided by us in a separate document

II - Installing the Components

You can install the components on an Ubuntu base, for example with these commands:

libapache2-mod-auth-openidc

sudo apt-get install libapache2-mod-auth-openidc
sudo a2enmod auth_openidc
sudo service apache2 restart

III - Configuring the Components

To set up mod_auth_openidc, modify the Apache configuration of your web server with the properties below:

# Add this code within the <VirtualHost> tag in the Apache configuration file of your application, replacing the variables.
# The OIDCXForwardedHeaders lines make the module trust these headers; keep them only when a reverse proxy in front of Apache sets them.
OIDCXForwardedHeaders X-Forwarded-Host
OIDCXForwardedHeaders X-Forwarded-Proto
OIDCXForwardedHeaders X-Forwarded-Port
OIDCCryptoPassphrase $password
OIDCProviderMetadataURL https://$domaineNameAuth/realms/$realmName/.well-known/openid-configuration
OIDCClientID $clientId
OIDCClientSecret $clientSecret
OIDCRedirectURI https://$domaineNameApp/log/redirect
OIDCHTMLErrorTemplate /var/www/$domaineNameApp/OIDCHTMLErrorTemplate/OIDCHTMLErrorTemplate
<Location /$protectedWebSite>
    AuthType openid-connect
    Require valid-user
</Location>
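
Before restarting Apache, the directives above can be checked for the mistakes most likely to weaken this setup. The script below is an added example, not part of the original tutorial or of AuthSezam or mod_auth_openidc; the function names (oidc_value, lint_oidc_conf, sample_conf), the 60-character threshold (taken from the generation command in the prerequisites) and the sample host names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): lint a vhost file holding the OIDC
# directives shown above before restarting Apache.

# oidc_value FILE DIRECTIVE -> first value given for DIRECTIVE
oidc_value() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# lint_oidc_conf FILE -> one finding per line; returns 1 if anything was found
lint_oidc_conf() {
  f=$1; rc=0
  # Tutorial placeholders such as $clientId must all have been substituted.
  if grep -Eq '^[[:space:]]*OIDC[A-Za-z]+[[:space:]].*\$[A-Za-z]' "$f"; then
    echo "placeholder left in an OIDC directive"; rc=1
  fi
  # Assumption: 60 characters, the length produced by the tutorial's command.
  pass=$(oidc_value "$f" OIDCCryptoPassphrase)
  if [ "${#pass}" -lt 60 ]; then
    echo "OIDCCryptoPassphrase shorter than 60 characters"; rc=1
  fi
  # Discovery and redirect URLs carry codes and tokens: require https.
  for d in OIDCProviderMetadataURL OIDCRedirectURI; do
    case $(oidc_value "$f" "$d") in
      https://*) ;;
      *) echo "$d is missing or not an https:// URL"; rc=1 ;;
    esac
  done
  # The file holds OIDCClientSecret and the passphrase: no access for "other".
  if [ -n "$(find "$f" -perm -004)" ]; then
    echo "file is world-readable"; rc=1
  fi
  return $rc
}

# Constructed sample with deliberate mistakes (all values are made up).
sample_conf() {
  cat <<'EOF'
OIDCCryptoPassphrase changeme
OIDCProviderMetadataURL https://auth.example.test/realms/demo/.well-known/openid-configuration
OIDCClientID demo-client
OIDCClientSecret $clientSecret
OIDCRedirectURI http://app.example.test/log/redirect
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && chmod 644 "$tmp"
lint_oidc_conf "$tmp" || true
rm -f "$tmp"
```

On the constructed sample it reports four findings; to check your own file, call lint_oidc_conf with the path of your vhost configuration.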

IV - Testing and Validation

To test authentication, copy the code below into an index.html file in /var/www/$domaineNameApp, replacing the href in the <a> tag with the URL of your protected path (example: https://domainname/protectedpath). You must also adapt your Apache configuration accordingly.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>tuto openid</title>
</head>
<body
style="margin: 0; width: 100vw; height: 100vh; background-color: #17375E;
display: flex; align-items: center; justify-content: center;"
>
<a
href="https://$domaineNameApp/$protectedWebSite"
class="button"
style="display: flex; align-items: center; justify-content: center; color: #000000; background-color: #FFFF;
width: 8rem; height: 3rem; border-radius: 1rem; border-style: none; text-decoration: none;"
>Login</a>
</body>
</html>