Difference between revisions of "Mod auth openidc"

From TMM Wiki
Jump to navigationJump to search
Line 4: Line 4:
 
== Installing mod_auth_openidc ==
 
== Installing mod_auth_openidc ==
 
Please ask your host to install the mod_auth_openidc apache module on your member area server(s) if not already installed.  Here is a [https://github.com/zmartzone/mod_auth_openidc/releases link] to their releases.  It would be best if they can use one of the install packages.  If not, they can compile it from source.  NATS OpenID Connect server supports mod_auth_openidc starting from version 2.2.0.
 
Please ask your host to install the mod_auth_openidc apache module on your member area server(s) if not already installed.  Here is a [https://github.com/zmartzone/mod_auth_openidc/releases link] to their releases.  It would be best if they can use one of the install packages.  If not, they can compile it from source.  NATS OpenID Connect server supports mod_auth_openidc starting from version 2.2.0.
 +
 +
 +
== Apache Configuration ==
 +
Documentation for all available apache settings is [https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf here]
  
  
Line 10: Line 14:
  
 
<pre>
 
<pre>
<Files openid_return.php>
+
<Directory /path/to/the/members/section>
 
   AuthType openid-connect
 
   AuthType openid-connect
 
   Require valid-user
 
   Require valid-user
</Files>
+
</Directory>
  
OIDCProviderMetadataURL http://bob.whiskey.toomuchmedia.com/.well-known/member-openid-configuration
+
OIDCProviderMetadataURL <your OpenID Connect domain and protocol>/.well-known/member-openid-configuration
OIDCClientID 1,3,99
+
OIDCClientID <NATS Site ID or a comma separated list of NATS Site IDs>
OIDCClientSecret clientSecret
+
OIDCClientSecret <value of the NATS MEMBER_OPENID_CLIENT_SECRET configuration option>
 
OIDCScope openid
 
OIDCScope openid
 
OIDCRedirectURI http://openidclient.com/openid_return.php
 
OIDCRedirectURI http://openidclient.com/openid_return.php

Revision as of 20:11, 1 August 2018

Apache module mod_auth_openidc allows you to authenticate members using NATS as the OpenID Connect server


Installing mod_auth_openidc

Please ask your host to install the mod_auth_openidc apache module on your member area server(s) if not already installed. Here is a link to their releases. It would be best if they can use one of the install packages. If not, they can compile it from source. NATS OpenID Connect server supports mod_auth_openidc starting from version 2.2.0.


Apache Configuration

Documentation for all available apache settings is here


Example Virtual Host Settings

Here is an example extract from an apache virtual host for a members area

<Directory /path/to/the/members/section>
  AuthType openid-connect
  Require valid-user
</Directory>

OIDCProviderMetadataURL <your OpenID Connect domain and protocol>/.well-known/member-openid-configuration
OIDCClientID <NATS Site ID or a comma separated list of NATS Site IDs>
OIDCClientSecret <value of the NATS MEMBER_OPENID_CLIENT_SECRET configuration option>
OIDCScope openid
OIDCRedirectURI http://openidclient.com/openid_return.php
OIDCCryptoPassphrase cryptoPass
OIDCSSLValidateServer Off
OIDCSessionInactivityTimeout 30
OIDCSessionMaxDuration 0
OIDCRemoteUserClaim username
OIDCUserInfoRefreshInterval 0
OIDCUserInfoSignedResponseAlg RS256
OIDCTokenBindingPolicy disabled