How to authenticate domains on Apache using Google Apps

I want to authenticate some of my company's internal websites with Google Apps. We used the OpenID Apache module mod_auth_openid, and since it got deprecated, I started looking for alternatives and found mod_auth_openidc. But I could not get it to work, because I did not understand most of its parts (I even tried to follow some articles (article1, article2), but this did not help, as I did not understand them).

Are there any other solutions / articles that can help me do this?

+4
2 answers

The first example in README.md: https://github.com/pingidentity/mod_auth_openidc/blob/master/README.md gives a good starting point:

OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <your-client-id-administered-through-the-google-api-console>
OIDCClientSecret <your-client-secret-administered-through-the-google-api-console>

OIDCRedirectURI https://www.example.com/example/redirect_uri
OIDCCryptoPassphrase <password>

OIDCScope "openid email profile"

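<Location /example/>
    AuthType openid-connect
    # Keep this as the only Require line: on Apache 2.4 a bare "Require valid-user"
    # beside it is OR-ed with it (implicit RequireAny) and admits any Google account.
    Require claim hd:<your-domain>
</Location>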

Normal HTTP will work; trailing slashes will work (if they are used sequentially, as in the example); the certificate does not only need a fully qualified domain name; Debian packages work on Ubuntu 14.04.

The articles you mentioned also show how to configure the Google side.

+8
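
How Apache 2.4 combines several Require lines decides whether the hd restriction is actually enforced. The following is an added example, not part of the original answer or the project's README; the paths /example-weak/ and /example-strict/ and the domain example.com are placeholders chosen for illustration.

```apache
# Weak: bare Require lines in one section are wrapped in an implicit
# <RequireAny>. Every authenticated user satisfies "valid-user", so a
# consumer Google account (whose ID token carries no hd claim at all)
# is let in and the hd line never rejects anyone.
<Location /example-weak/>
    AuthType openid-connect
    Require valid-user
    Require claim hd:example.com
</Location>

# Corrected: the hd claim is the only authorization rule, so only
# accounts of the hosted domain example.com pass.
<Location /example/>
    AuthType openid-connect
    Require claim hd:example.com
</Location>

# Equivalent explicit form: <RequireAll> makes every enclosed rule
# mandatory, which is the shape to use when more conditions are added.
<Location /example-strict/>
    AuthType openid-connect
    <RequireAll>
        Require valid-user
        Require claim hd:example.com
    </RequireAll>
</Location>
```

To check the result, sign in with an account outside the hosted domain and confirm that the protected path returns an authorization error rather than the page.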

PingIdentity OpenID Connect RP - https://github.com/pingidentity/mod_auth_openidc (Apache: https://github.com/pingidentity/mod_auth_openidc/blob/master/LICENSE.txt)


  • HTTPS - HTTP ( , )
  • cookie (/)
  • REAL cert (~ $10)
  • OIDCMetadataDir Google
  • Ubuntu,
  • autoconfig.sh
  • Google API Console, API Google+

, , Apache. , , . , Google: https://groups.google.com/forum/#!forum/mod_auth_openidc


0

Source: https://habr.com/ru/post/1547897/

