
Apache OpenID Connect example

This example uses the mod_auth_openidc module for Apache on CentOS 7.

It takes users to an attributes page after login and displays the claims/values that have been passed.

As with all of these examples, it can only show you the very basics.

Goal in this example

Authenticate a user and display all the received claims on a page. In the real world you would read the claims and feed them into your authorisation / user-session management process.

Instructions

  1. Install mod_auth_openidc

    sudo yum install mod_auth_openidc
  2. Configure a vhost, e.g. at: /etc/httpd/conf.d/openidc.conf

    NameVirtualHost *:80
    
    <VirtualHost *:80>
        ServerAdmin webmaster@example.com
        ServerName yourserver.net
        ServerAlias www.yourserver.net
        DocumentRoot /var/www/html/
        DirectoryIndex yourpage.html
        ErrorLog /var/log/oidc/error.log
        CustomLog /var/log/oidc/access.log combined
    
        OIDCProviderMetadataURL https://connect.openathens.net/.well-known/openid-configuration
        OIDCClientID YOUR_OPENATHENS_CLIENT_ID
        OIDCClientSecret YOUR_OPENATHENS_CLIENT_SECRET
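        # Must match the redirect URI registered for this client and the hostname
        # users browse to. It has to sit under the protected location but must not
        # map to real content. This example vhost is plain HTTP; over HTTPS the
        # authorisation code and session cookie are not sent in clear text.
        OIDCRedirectURI http://yourserver/protected/redirect_uri
        # Replace <password> with your own secret passphrase.
        OIDCCryptoPassphrase <password>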
        OIDCJWKSRefreshInterval 3600
    
        <Location /protected/>
           AuthType openid-connect
           Require valid-user
        </Location>
    
    </VirtualHost>

    There are three sections in the example above: first the general settings for your server, then the OIDC configuration, and finally a location where OIDC authentication is required.

  3. Create a target page below the /protected/ location. This example PHP page reads the variables created by the OIDC module (available to PHP in $_SERVER) and displays them:

    <!DOCTYPE html>
    <html lang="en">
    
    <head>
    
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge">
       <meta name="viewport" content="width=device-width, initial-scale=1">
       <meta name="description" content="">
       <meta name="author" content="">
    
       <title>OpenID Connect: Received Claims</title>
    
    </head>
    
    <body>
    
             <h3>
                Claims sent back from OpenID Connect via the Apache module
             </h3>
             <br/>
    
    
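       <!-- OpenAthens attributes: the OIDC module exposes them to PHP in $_SERVER, so no session is needed here -->
    
             <h2>Claims</h2>
             <br/>
             <div class="row">
    
                   <table class="table" style="width:80%;" border="1">
                     <?php foreach ($_SERVER as $key=>$value): ?>
                        <?php if ( preg_match("/OIDC_/i", $key) ): ?>
                           <?php // Escape names and values before output: claim contents originate outside this server ?>
                           <tr>
                              <td data-toggle="tooltip" title="<?php echo htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8'); ?></td>
                              <td data-toggle="tooltip" title="<?php echo htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); ?></td>
                           </tr>
                        <?php endif; ?>
                     <?php endforeach; ?>
                   </table>
             </div>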
    
    </body>
    
    </html>

  4. Restart Apache (systemctl restart httpd)

  5. Go to the target page in a browser.

  6. Get sent to an OpenAthens sign-in page.

  7. Sign in and get sent back to the attributes page.
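
Following on from the goal above of feeding the claims into your authorisation and session handling, this is an added example (not code from OpenAthens or from the module) that reads the OIDC_CLAIM_ variables and makes a deny-by-default decision before starting a session. The `entitlement` claim name, the `library-admin` value and the sample input are made up for illustration, and it assumes the module's default comma delimiter for multi-valued claims.

```php
<?php
// Added example (not from the original page): deny-by-default authorisation
// from the OIDC_CLAIM_* variables that mod_auth_openidc sets.
const CLAIM_PREFIX = 'OIDC_CLAIM_';

/** Collect claims from a $_SERVER-style array, keyed by claim name. */
function collect_claims(array $server): array
{
    $claims = [];
    foreach ($server as $key => $value) {
        // Apache prefixes environment variables with REDIRECT_ after an internal redirect.
        $name = preg_replace('/^(REDIRECT_)+/', '', (string) $key);
        if (strncmp($name, CLAIM_PREFIX, strlen(CLAIM_PREFIX)) === 0 && is_string($value)) {
            $claims[substr($name, strlen(CLAIM_PREFIX))] = $value;
        }
    }
    return $claims;
}

/** True only if the claim exists and one of its values is on the allow-list. */
function claim_allows(array $claims, string $claim, array $allowed): bool
{
    if (!isset($claims[$claim]) || $claims[$claim] === '') {
        return false; // missing or empty claim: deny
    }
    // Assumption: multi-valued claims arrive comma-separated (the module's default delimiter).
    $values = array_map('trim', explode(',', $claims[$claim]));
    return count(array_intersect($values, $allowed)) > 0;
}

// Constructed sample input, used only when run from the command line.
$sample = [
    'OIDC_CLAIM_sub' => 'user-0001',
    'REDIRECT_OIDC_CLAIM_entitlement' => 'staff, library-admin', // hypothetical claim
    'HTTP_USER_AGENT' => 'example',
];
$cli = (PHP_SAPI === 'cli');
$claims = collect_claims($cli ? $sample : $_SERVER);

if (!isset($claims['sub']) || !claim_allows($claims, 'entitlement', ['library-admin'])) {
    http_response_code(403);
    exit("Forbidden\n");
}
if (!$cli) {
    session_start();
    session_regenerate_id(true); // new session id at the moment of login
    $_SESSION['user'] = $claims['sub'];
}
echo 'Signed in as ', htmlspecialchars($claims['sub'], ENT_QUOTES, 'UTF-8'), "\n";
```

Placed below /protected/ it reads the live $_SERVER values; run with the PHP command-line interpreter it uses the constructed sample instead.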


