Difference between revisions of "Mod auth openidc"
From TMM Wiki
Line 3: | Line 3: | ||
== Installing mod_auth_openidc == | == Installing mod_auth_openidc == | ||
− | Please ask your host to install the mod_auth_openidc apache module on your member area server(s) if not already installed. Here is a [https://github.com/zmartzone/mod_auth_openidc/releases link] to their releases. It would be best if they can use one of the install packages. If not, they can compile it from source. | + | Please ask your host to install the mod_auth_openidc apache module on your member area server(s) if not already installed. Here is a [https://github.com/zmartzone/mod_auth_openidc/releases link] to their releases. It would be best if they can use one of the install packages. If not, they can compile it from source. NATS OpenID Connect server supports mod_auth_openidc starting from version 2.2.0. |
+ | |||
+ | |||
+ | == Example Virtual Host Settings == | ||
+ | Here is an example extract from an apache virtual host for a members area | ||
+ | |||
+ | <pre> | ||
+ | <Files openid_return.php> | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | </Files> | ||
+ | |||
+ | OIDCProviderMetadataURL http://bob.whiskey.toomuchmedia.com/.well-known/member-openid-configuration | ||
+ | OIDCClientID 1,3,99 | ||
+ | OIDCClientSecret clientSecret | ||
+ | OIDCScope openid | ||
+ | OIDCRedirectURI http://openidclient.com/openid_return.php | ||
+ | OIDCCryptoPassphrase cryptoPass | ||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCSessionInactivityTimeout 30 | ||
+ | OIDCSessionMaxDuration 0 | ||
+ | OIDCRemoteUserClaim username | ||
+ | OIDCUserInfoRefreshInterval 0 | ||
+ | OIDCUserInfoSignedResponseAlg RS256 | ||
+ | OIDCTokenBindingPolicy disabled | ||
+ | </pre> |
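Review bot: the added example sets `OIDCSSLValidateServer Off` and gives `http://` URLs for both `OIDCProviderMetadataURL` and `OIDCRedirectURI`, so a host who copies it verbatim fetches provider metadata over plain HTTP and does not validate the provider's certificate. Suggest `https://` in both URLs and dropping the `OIDCSSLValidateServer` line (the module validates by default), or adding a sentence that these are test values. The same goes for `clientSecret` and `cryptoPass`: say explicitly that they are placeholders to be replaced with the site's own values.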
Revision as of 20:05, 1 August 2018
The Apache module mod_auth_openidc allows you to authenticate members using NATS as the OpenID Connect server.
Installing mod_auth_openidc
Please ask your host to install the mod_auth_openidc Apache module on your member area server(s) if it is not already installed. Releases are published at https://github.com/zmartzone/mod_auth_openidc/releases. It is best if they use one of the install packages; if not, they can compile it from source. NATS OpenID Connect server supports mod_auth_openidc starting from version 2.2.0.
Example Virtual Host Settings
Here is an example extract from an Apache virtual host for a members area:
<pre>
<Files openid_return.php>
AuthType openid-connect
Require valid-user
</Files>

OIDCProviderMetadataURL http://bob.whiskey.toomuchmedia.com/.well-known/member-openid-configuration
OIDCClientID 1,3,99
OIDCClientSecret clientSecret
OIDCScope openid
OIDCRedirectURI http://openidclient.com/openid_return.php
OIDCCryptoPassphrase cryptoPass
OIDCSSLValidateServer Off
OIDCSessionInactivityTimeout 30
OIDCSessionMaxDuration 0
OIDCRemoteUserClaim username
OIDCUserInfoRefreshInterval 0
OIDCUserInfoSignedResponseAlg RS256
OIDCTokenBindingPolicy disabled
</pre>
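Before a virtual host based on the extract above goes live, it is worth checking that none of the test-only values were left in. The following is an added example, not part of the wiki page or of mod_auth_openidc: a small Python check that flags plain-http URLs, disabled certificate validation and the page's sample secrets. The function names and the decision to treat `clientSecret` and `cryptoPass` as placeholders are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: directives copied from the example virtual host above.
SAMPLE = """\
<Files openid_return.php>
AuthType openid-connect
Require valid-user
</Files>
OIDCProviderMetadataURL http://bob.whiskey.toomuchmedia.com/.well-known/member-openid-configuration
OIDCClientSecret clientSecret
OIDCRedirectURI http://openidclient.com/openid_return.php
OIDCCryptoPassphrase cryptoPass
OIDCSSLValidateServer Off
"""

URL_DIRECTIVES = ("OIDCProviderMetadataURL", "OIDCRedirectURI")
# Assumption: the page's sample values are placeholders that must be replaced.
PLACEHOLDERS = {"OIDCClientSecret": "clientSecret",
                "OIDCCryptoPassphrase": "cryptoPass"}

def parse_directives(text):
    """Return {directive: value} for OIDC* lines; tags and comments are skipped."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(OIDC\w+)\s+(.+)$", line.strip())
        if m:
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found

def audit(text):
    """Return a sorted list of (directive, finding) pairs for risky settings."""
    cfg = parse_directives(text)
    findings = []
    for name in URL_DIRECTIVES:
        # Relative redirect URIs have no scheme and are not flagged here.
        if name in cfg and urlparse(cfg[name]).scheme.lower() == "http":
            findings.append((name, "URL uses plain http"))
    # The module validates the provider certificate unless this is set to Off.
    if cfg.get("OIDCSSLValidateServer", "On").lower() == "off":
        findings.append(("OIDCSSLValidateServer", "certificate validation disabled"))
    for name, sample in PLACEHOLDERS.items():
        if cfg.get(name) == sample:
            findings.append((name, "sample value from the wiki page still in use"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```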