Apache2 oauth plugin
Configure the Apache mod_auth_openidc plugin to use Keycloak as the user backend for OpenID Connect login and SSO.
mod_auth_openidc is an OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
Install the plugin
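# Install the OIDC module together with Apache, PHP and TLS support.
yum install mod_auth_openidc httpd php mod_ssl -y
# /protected is the path the vhost below puts behind an OIDC login.
mkdir -p /var/www/html/oauth/protected
# Public landing page; named index.html so it matches the vhost's DirectoryIndex.
echo "index" > /var/www/html/oauth/index.html
# Create the claims page whose content follows.
nano /var/www/html/oauth/protected/index.php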
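<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title>OpenID Connect: Received Claims</title>
</head>
<body>
<h3>
Claims sent back from OpenID Connect via the Apache module
</h3>
<br/>
<!-- OpenAthens attributes -->
<?php
// Diagnostic page: lists every $_SERVER entry whose name contains "OIDC_"
// (case-insensitive, unanchored match, as in the original tutorial).
//
// The values come from the identity provider and from the request, so they
// are treated as untrusted: each key and value is HTML-escaped and placed in
// a quoted attribute before being written to the page. Without that, a claim
// such as a display name containing markup would be rendered as HTML.
//
// No PHP session is started: the page only reads $_SERVER, and starting a
// session after output has begun cannot reliably set its cookie anyway.
//
// NOTE(review): depending on the module configuration this listing may
// include tokens; keep the page for testing only and remove it afterwards.
?>
<h2>Claims</h2>
<br/>
<div class="row">
<table class="table" style="width:80%;" border="1">
<?php foreach ($_SERVER as $key => $value): ?>
<?php if (preg_match("/OIDC_/i", $key)): ?>
<?php
    // Escape once, reuse for both the tooltip attribute and the cell text.
    $safeKey = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
    $safeValue = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
?>
<tr>
<td data-toggle="tooltip" title="<?php echo $safeKey; ?>"><?php echo $safeKey; ?></td>
<td data-toggle="tooltip" title="<?php echo $safeValue; ?>"><?php echo $safeValue; ?></td>
</tr>
<?php endif; ?>
<?php endforeach; ?>
</table>
</div>
</body></html>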
Create vhost
# Create the vhost file and paste in the configuration that follows.
nano /etc/httpd/conf.d/aouth-site.conf
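# NameVirtualHost *:80
# Port 80 serves no content of its own; it only sends clients to the HTTPS vhost.
<VirtualHost *:80>
    ServerName oauth.devopstales.intra
    DocumentRoot /var/www/html/oauth/
    # The trailing slash is required: Redirect appends the rest of the request
    # path to the target, so without it /protected/ would become
    # https://oauth.devopstales.intraprotected/.
    Redirect permanent / https://oauth.devopstales.intra/
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName oauth.devopstales.intra
    ServerAlias www.oauth.devopstales.intra
    DocumentRoot /var/www/html/oauth/
    DirectoryIndex index.html index.php
    ErrorLog /var/log/httpd/oauth-error.log
    CustomLog /var/log/httpd/oauth-access.log combined
    SSLEngine on
    # All three directives point at the same file, so domain.pem must contain
    # the certificate, its private key and the chain. Because it holds the
    # private key, keep it readable by root only.
    SSLCertificateFile /etc/httpd/ssl/domain.pem
    SSLCertificateKeyFile /etc/httpd/ssl/domain.pem
    SSLCertificateChainFile /etc/httpd/ssl/domain.pem
    # keycloak server
    # The discovery document tells the module which endpoints and signing keys
    # to trust, so it is fetched over HTTPS rather than plain HTTP.
    OIDCProviderMetadataURL https://sso.devopstales.intra/auth/realms/mydomain/.well-known/openid-configuration
    # for self signed certificate
    # Off disables verification of the Keycloak server certificate, which means
    # the module cannot tell the real provider from an impostor. Acceptable in
    # a lab only; otherwise add the Keycloak CA to the system trust store and
    # set this to On.
    OIDCSSLValidateServer Off
    OIDCClientID web
    # Sample value from the tutorial. Use the secret Keycloak shows for this
    # client, and restrict read access to this file because it stores it.
    OIDCClientSecret 5b721a2b-681f-402d-807c-b98c80672c16
    # Must be an HTTPS URL inside the protected Location: the authorization
    # response is delivered here, and the port 80 vhost only redirects.
    # The same URL has to be registered as a valid redirect URI in Keycloak.
    OIDCRedirectURI https://oauth.devopstales.intra/protected/redirect_uri
    # Protects the module's session and state cookies. "passphrase" is a
    # tutorial value; replace it with a long random string.
    OIDCCryptoPassphrase passphrase
    OIDCJWKSRefreshInterval 3600
    # Only /protected/ requires a login; the rest of the site stays public.
    <Location /protected/>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>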
Start apache
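# Check the configuration syntax first so a typo in the vhost is reported
# before the service is started.
apachectl configtest
systemctl start httpd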