apache openid #5

Supports: trusty


Configures up an Apache web server enabling OpenID access control to web resources. Supports both users and teams permission lists.

This subordinate will configure up an Apache2 web server enabling OpenID.

The current supported authorization lists are saved in: /etc/apache2/openid/providers.txt [allowed_providers] /etc/apache2/openid/users.txt [authorized_users] /etc/apache2/openid/teams.txt [authorized_teams]

To use it, deploy an Apache box and the OpenID charm: juju deploy apache2 mywebserver juju deploy apache-openid

Connect them together: juju add-relation mywebserver apache-openid

A sample working configuration for an Apache virtualhost with SSO support:

<Location "/">
    PythonAccessHandler apache_openid::protect
    PythonOption handler openidteams
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"

<Location "/openid/">
    Allow from All
    SetHandler mod_python
    PythonOption handler openidteams
    PythonOption store-type file
    PythonOption store-directory /etc/apache2/openid
    PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"

ProxyRequests off
ProxyPreserveHost on

<Proxy *>
    Order Allow,Deny
    Allow from All

ProxyPass /openid !
ProxyPass /
ProxyPassReverse /


(string) List of OpenID providers.
(string) A list of authorized teams, separated by spaces
(string) A list of authorized users strings, separated by spaces
(boolean) Outputs debug info about the charm as it runs
(string) A directory to store auth and session files