apache openid #9

  • By hloeung
  • Latest version (#9)
  • precise
  • Stable
  • Edge

Description

Configures an Apache web server to enforce OpenID access control on web
resources. Supports both user and team permission lists.

This subordinate charm configures an Apache2 web server with OpenID enabled.

The currently supported authorization lists are saved in:
/etc/apache2/openid/providers.txt [allowed_providers]
/etc/apache2/openid/users.txt [authorized_users]
/etc/apache2/openid/teams.txt [authorized_teams]

To use it, deploy an Apache box and the OpenID charm:
juju deploy apache2 mywebserver
juju deploy apache-openid

Connect them together:
juju add-relation mywebserver apache-openid

A sample working configuration for an Apache virtualhost with SSO support:

<Location "/">
    PythonAccessHandler apache_openid::protect
    PythonOption handler openidteams
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"
</Location>

<Location "/openid/">
    Allow from All
    SetHandler mod_python
    PythonOption handler openidteams
    PythonOption store-type file
    PythonOption store-directory /etc/apache2/openid
    PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"
</Location>

ProxyRequests off
ProxyPreserveHost on

<Proxy *>
    Order Allow,Deny
    Allow from All
</Proxy>

ProxyPass /openid !
ProxyPass / http://127.0.0.1:80/
ProxyPassReverse / http://127.0.0.1:80/
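
An added example (not part of the charm or of apache_openid): a small Python lint for a vhost shaped like the sample above. The checks are inferred from that sample and from Apache's first-match ProxyPass ordering; parse_vhost, lint and the misordered sample are names and data constructed here.

```python
import re

# Constructed sample: this page's vhost, trimmed, with the two ProxyPass lines swapped.
MISORDERED_VHOST = '''
<Location "/">
    PythonAccessHandler apache_openid::protect
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
    PythonOption action-path "/openid/"
</Location>
<Location "/openid/">
    SetHandler mod_python
    PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
</Location>
ProxyPass / http://127.0.0.1:80/
ProxyPass /openid !
'''

def parse_vhost(text):
    """Return ({location path: {directive or PythonOption name: value}}, [(ProxyPass path, target)])."""
    locations, proxies, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r'<Location\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), {})
        elif line.lower().startswith("</location"):
            current = None
        elif current is not None and line:
            words = line.split()
            words = words[1:] if words[0] == "PythonOption" else words  # key on the option name
            current[words[0]] = " ".join(words[1:]).strip('"')
        elif line.startswith("ProxyPass "):
            proxies.append(tuple(line.split()[1:3]))
    return locations, proxies

def lint(text):
    """List mismatches between protected Locations, the login handler and ProxyPass order.
    ProxyPass rules match in configuration order, so the '!' exclusion must come first."""
    (locations, proxies), findings = parse_vhost(text), []
    for path, opts in locations.items():
        action = opts.get("action-path")
        if "PythonAccessHandler" not in opts or not action:
            continue
        handler = locations.get(action, {})
        if handler.get("SetHandler") != "mod_python":
            findings.append(f"{path}: no mod_python Location for action-path {action}")
        elif handler.get("authorized-teams-list-url") != opts.get("authorized-teams-list-url"):
            findings.append(f"{path}: teams list differs from the one in {action}")
        first = next((target for prefix, target in proxies if action.startswith(prefix)), None)
        if first not in (None, "!"):
            findings.append(f"{action} is proxied to {first} before its '!' exclusion")
    return findings
```

Running lint over the rendered vhost after a charm upgrade or a manual edit returns an empty list when the login path is served locally and both Locations read the same teams list.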

Configuration

debug
(boolean) Outputs debug info about the charm as it runs
openid_store
(string) A directory to store auth and session files
/etc/apache2/openid
authorized_users
(string) A list of authorized user strings, separated by spaces
authorized_teams
(string) A list of authorized teams, separated by spaces
allowed_providers
(string) List of OpenID providers.
Launchpad=login.launchpad.net