apache openid #1
Description
Configures an Apache web server, enabling OpenID access control to web
resources. Supports both user and team permission lists.
- Tags: app-servers
This subordinate charm configures an Apache2 web server with OpenID enabled.
The currently supported authorization lists are saved in:
/etc/apache2/openid/providers.txt [allowed_providers]
/etc/apache2/openid/users.txt [authorized_users]
/etc/apache2/openid/teams.txt [authorized_teams]
To use it, deploy an Apache box and the OpenID charm:
juju deploy apache2 mywebserver
juju deploy apache-openid
Connect them together:
juju add-relation mywebserver apache-openid
A sample working configuration for an Apache virtualhost with SSO support:
<Location "/">
    PythonAccessHandler apache_openid::protect
    PythonOption handler openidteams
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"
</Location>
<Location "/openid/">
    Allow from All
    SetHandler mod_python
    PythonOption handler openidteams
    PythonOption store-type file
    PythonOption store-directory /etc/apache2/openid
    PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"
</Location>
ProxyRequests off
ProxyPreserveHost on
<Proxy *>
    Order Allow,Deny
    Allow from All
</Proxy>
ProxyPass /openid !
ProxyPass / http://127.0.0.1:80/
ProxyPassReverse / http://127.0.0.1:80/
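An added example, not part of the charm: a small Python lint for a virtualhost like the sample above. It checks that the Location blocks agree on action-path and the team list, that the action path carries allowed-op-list-url, and that the ProxyPass exclusion for the action path comes before the catch-all rule, since Apache applies the first ProxyPass that matches. The function names and the trimmed SAMPLE_VHOST are assumptions made for this example.

```python
import re

# Constructed input: the page's sample vhost, trimmed to the directives checked.
SAMPLE_VHOST = """
<Location "/">
PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
PythonOption action-path "/openid/"
</Location>
<Location "/openid/">
PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
PythonOption action-path "/openid/"
</Location>
ProxyPass /openid !
ProxyPass / http://127.0.0.1:80/
"""

def parse_vhost(text):
    """Return ({location path: {PythonOption: value}}, [(ProxyPass path, target)])."""
    locations, proxies, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := re.match(r'<Location\s+"?([^">\s]+)"?\s*>', line)):
            current = locations.setdefault(m.group(1), {})
        elif line.startswith("</Location"):
            current = None
        elif current is not None and (m := re.match(r'PythonOption\s+(\S+)\s+"?([^"]+)"?$', line)):
            current[m.group(1)] = m.group(2)
        elif current is None and (m := re.match(r'ProxyPass\s+(\S+)\s+(\S+)', line)):
            proxies.append(m.groups())
    return locations, proxies

def audit_vhost(text):
    """Return a list of findings; an empty list means every check passed."""
    locations, proxies = parse_vhost(text)
    findings = []
    actions = {opts.get("action-path") for opts in locations.values()}
    action = actions.pop() if len(actions) == 1 else None
    if action is None or action not in locations:
        return ["action-path missing, inconsistent, or without its own <Location>"]
    if "allowed-op-list-url" not in locations[action]:
        findings.append("no allowed-op-list-url (provider allowlist) on " + action)
    if len({o.get("authorized-teams-list-url") for o in locations.values()}) != 1:
        findings.append("Location blocks point at different team lists")
    # First ProxyPass whose path prefixes the action path (simple string-prefix test).
    first = next((t for p, t in proxies if action.startswith(p)), None)
    if first not in (None, "!"):
        findings.append("ProxyPass forwards " + action + " before any '!' exclusion")
    return findings
```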
Configuration
- allowed_providers
  - (string) List of OpenID providers.
  - Default: https://login.ubuntu.com
- authorized_teams
  - (string) A list of authorized teams, separated by spaces
- authorized_users
  - (string) A list of authorized user strings, separated by spaces
- debug
  - (boolean) Outputs debug info about the charm as it runs
- openid_store
  - (string) A directory to store auth and session files
  - Default: /etc/apache2/openid