libapache2-mod-auth-openid for Debian ------------------------------------- You can enable this module using a2enmod: # a2enmod auth_openid Following is excerpt from Webpage: -------------------- Depending on where you specify your AuthOpenIDDBLocation (see below), you may need to touch the db file as the user that's running Apache (or chown the directory it's being stored in). For instance: # /tmp/mod_auth_openid.db is the default location for the DB su root touch /tmp/mod_auth_openid.db chown www-data /tmp/mod_auth_openid.db Usage Place the following directive in either a Directory, Location, or File directive in your httpd.conf: AuthOpenIDEnabled On ・ AuthOpenIDEnabled: The directory/location/file should be secured by mod_auth_openid. This is the only required directive. The following are optional: AuthOpenIDDBLocation /some/location/my_file.db AuthOpenIDTrusted ^http://myopenid.com/server$ ^http://someprovider.com/idp$ AuthOpenIDDistrusted ^http://hackerdomain ^http://openid.microsoft.com$ AuthOpenIDUseCookie Off AuthOpenIDTrustRoot http://example.com AuthOpenIDCookieName example_cookie_name AuthOpenIDLoginPage /login.html ・ AuthOpenIDDBLocation: Specifies the place the BDB file should be stored. Default: /tmp/mod_auth_openid.db. ・ AuthOpenIDTrusted: If specified, only users using providers that match one of the (Perl compatible) regular expressions listed will be allowed to authenticate. Default: Trust all providers. ・ AuthOpenIDDistrusted: If specified, only users using providers that do not match one of the (Perl compatible) regular expressions listed will be allowed to authenticate. You can use this in combination with AuthOpenIDTrusted; in that case, only a domain that is listed as trusted and not listed as distrusted can be used. Default: No providers are distrusted. ・ AuthOpenIDUseCookie: If "Off", then a session cookie will not be set on the client upon successful authentication. The page will load once; if reloaded or if the user visits it again it will ask the user to reauthenticate. Default: On ・ AuthOpenIDTrustRoot: User's are asked to approve this value by their identity provider after redirection. Most providers will error out unless this value matches the URL they are being redirected from, or some subset of that URL. For instance, if a user is trying to access http://example.com/protected/ index.html then either http://example.com or http://example.com/protected/ would work but http://example.com/protected/area/ would not. Default: The URL the user is trying to access (without filenames / query parameters at the end). ・ AuthOpenIDCookieName: The name of the session cookie set by mod_auth_openid. Default: open_id_session_id ・ AuthOpenIDLoginPage: The URL location of a customized login page. This could be a location on a different server or domain. Default: use the mod_auth_openid login page that exists in the module. See the custom login page howto for more information. Next, restart apache: /path/to/apache2/bin/apachectl stop /path/to/apache2/bin/apachectl start After a user authenticates themselves, the user's identity will be available in the REMOTE_USER cgi environment variable. A cookie named open_id_session_id is saved to maintain each user's session. Questions/Problems/Complaints First, read the FAQ. If it's a bug, report it at https://www.butterfat.net/tracker/butterfat. If it's a complaint, email . -------------------- -- NIIBE Yutaka , Wed, 10 Jul 2013 03:46:55 +0000