Gluu Server
The Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM). To learn more, read the official documentation.
Web server filters like mod_auth_openidc are a tried and true approach to achieving single sign-on (SSO) with server-side web applications. The web server filter enforces the presence of a token in an HTTP request. If no token is present, the web server may redirect the person, or return a meaningful code or message to the application.
The following provides a quick start guide to using mod_auth_openidc to send users to the Gluu Server for authentication. For more detailed information, visit the official documentation.
- A working Gluu Server (see the Installation guide).
- A separate server with Apache HTTPD running and SSL enabled.
- All hostnames should be DNS resolvable, or entries should be added in the /etc/hosts file on both the web server and Gluu Server.
On Ubuntu, mod_auth_openidc requires the libjansson4 package. Install it using the following command:
apt-get install libjansson4
Download and install the mod_auth_openidc and libjose packages from the Release Page.
Create a client in the Gluu Server with the following values:
Client Name: mod_auth_oidc
Description: Test client to test mod_auth_oidc
Client Secret: whatever_you_want
Application Type: Web
Pre-Authorization: True
Subject Type: public
Authentication method for the Token Endpoint: client_secret_basic
Redirect Login URIs: https://[RP_hostname]/callback
Scopes: email, openid, profile
Response Types: code
Grant Types: authorization_code
Read the client creation docs.
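- vim -N /usr/lib/cgi-bin/printHeaders.cgi
- Then paste the code below and save:
#!/usr/bin/python3
# Prints every environment variable Apache passes to the CGI,
# including the ones set by mod_auth_openidc after login.
import html
import os

print("Content-type: text/html\n")
print("<HTML><Head><TITLE>Print Env Variables</TITLE></Head><BODY>")
print("<h1>Environment Variables</H1>")
for item in sorted(os.environ):
    # Escape names and values: some of them come from the request.
    print("<p><B>%s</B>: %s </p>" % (html.escape(item), html.escape(os.environ[item])))
print("</BODY></HTML>")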
Now run the following commands:
chown www-data:www-data /usr/lib/cgi-bin/printHeaders.cgi
chmod ug+x /usr/lib/cgi-bin/printHeaders.cgi
Configure mod_auth_openidc to protect the resource
- vim -N /etc/apache2/sites-available/default-ssl.conf
- Add the part below:
....
....
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
OIDCProviderMetadataURL https://[Gluu_server_hostname]/.well-known/openid-configuration
OIDCClientID inum_of_registered_client
OIDCClientSecret password_used_to_register_client
OIDCResponseType code
OIDCProviderTokenEndpointAuth client_secret_basic
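# Off disables verification of the Gluu Server's TLS certificate; set it to On (the default) once the server presents a certificate this web server trusts.
OIDCSSLValidateServer Off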
OIDCProviderIssuer https://[Gluu_server_hostname]
OIDCRedirectURI https://[RP_hostname]/callback
OIDCCryptoPassphrase something_you_want
<Location "/">
Require valid-user
AuthType openid-connect
</Location>
</VirtualHost>
...
.....
....
- Restart apache2
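A check that can be run over the directives above before relying on the deployment. This is an added example, not part of the original guide or of mod_auth_openidc; the function names and the hostnames in the sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Placeholder values copied from this guide; they must not reach a real deployment.
PLACEHOLDERS = {"whatever_you_want", "something_you_want",
                "password_used_to_register_client", "inum_of_registered_client"}

def parse_oidc_directives(conf_text):
    """Return {directive: value} for every OIDC* line, skipping commented lines."""
    directives = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(OIDC\w+)\s+(.+?)\s*$", line)
        if m:
            directives[m.group(1)] = m.group(2).strip('"')
    return directives

def check_oidc_config(conf_text):
    """Return a list of findings for the directives used in this guide."""
    d = parse_oidc_directives(conf_text)
    findings = []
    if d.get("OIDCSSLValidateServer", "On").lower() == "off":
        findings.append("OIDCSSLValidateServer Off: provider TLS certificate is not verified")
    for name in ("OIDCClientID", "OIDCClientSecret", "OIDCCryptoPassphrase"):
        if d.get(name, "") in PLACEHOLDERS | {""}:
            findings.append(name + " is missing or still a placeholder from the guide")
    issuer = urlparse(d.get("OIDCProviderIssuer", ""))
    metadata = urlparse(d.get("OIDCProviderMetadataURL", ""))
    if d.get("OIDCProviderIssuer") and issuer.hostname != metadata.hostname:
        findings.append("OIDCProviderIssuer host differs from OIDCProviderMetadataURL host")
    for name in ("OIDCProviderMetadataURL", "OIDCRedirectURI"):
        if urlparse(d.get(name, "")).scheme != "https":
            findings.append(name + " is missing or does not use https")
    return findings

# Constructed sample: the guide's directives with made-up hostnames.
SAMPLE = """
OIDCProviderMetadataURL https://idp.example.org/.well-known/openid-configuration
OIDCClientID inum_of_registered_client
OIDCClientSecret password_used_to_register_client
OIDCSSLValidateServer Off
OIDCProviderIssuer https://idp.example.org
OIDCRedirectURI https://rp.example.org/callback
OIDCCryptoPassphrase something_you_want
"""

if __name__ == "__main__":
    for finding in check_oidc_config(SAMPLE):
        print("FINDING:", finding)
```

To check a real file, pass the contents of default-ssl.conf to check_oidc_config instead of SAMPLE.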
Hit https://[RP_hostname]/cgi-bin/printHeaders.cgi and you should be redirected to the Gluu Server for authentication. After successful authentication, you should see the list of "Environment Variables" from the RP (aka Resource Provider).
Gluu offers community support via its support portal. If you have questions or need help, just register and open an issue.