This example uses the mod_auth_openidc component on CentOS7.

It takes users to an attributes page after login and displays the claims/values that have been passed.

As with all of these examples, it can only show you the very basics.

Goal in this example

Authenticate a user and display all the received claims on a page. In the real world you would read the claims and feed them into your authorisation / user-session management process.


  1. Install mod_auth_openidc

    sudo yum install mod_auth_openidc
  2. Configure a vhost, e.g. at: /etc/httpd/conf.d/openidc.conf

    NameVirtualHost *:80
    <VirtualHost *:80>
        DocumentRoot /var/www/html/
        DirectoryIndex yourpage.html
        ErrorLog /var/log/oidc/error.log
        CustomLog /var/log/oidc/access.log combined
        OIDCRedirectURI http://yourserver/protected/redirect_uri
        OIDCCryptoPassphrase <password>
        OIDCJWKSRefreshInterval 3600
        <Location /protected/>
           AuthType openid-connect
           Require valid-user

    There are three sections in the example above - first the general bits for your server, then the OIDC configuration parts and finally a location where OIDC is required

  3. Create a target page below the /protected/ location. This example php page will read the system variables created by the OIDC module and display them:

    <!DOCTYPE html>
    <html lang="en">
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge">
       <meta name="viewport" content="width=device-width, initial-scale=1">
       <meta name="description" content="">
       <meta name="author" content="">
       <title>OpenID Connect: Received Claims</title>
                Claims sent back from OpenID Connect via the Apache module
       <!-- OpenAthens attribtues -->
          <?php session_start(); ?>
             <div class="row">
                   <table class="table" style="width:80%;" border="1">
                     <?php foreach ($_SERVER as $key=>$value): ?>
                        <?php if ( preg_match("/OIDC_/i", $key) ): ?>
                              <td data-toggle="tooltip" title=<?php echo $key; ?>><?php echo $key; ?></td>
                              <td data-toggle="tooltip" title=<?php echo $value; ?>><?php echo $value; ?></td>
                        <?php endif; ?>
                     <?php endforeach; ?>
  4. Restart Apache ( > systemctl restart httpd)

  5. Go to the target page in a browser.

  6. Get sent to an OpenAthens sign-in page.

  7. Sign in and get sent back to the attributes page.