This How-To will explain how to build, install, configure and deploy the JOSSO Agent for the Apache Httpd Web Server.
- Install Apache Development package dependencies
- Enabling SSL support for back channel transport
- Create (or provide) certificates
- Turn on SSL on gateway
- Enable SSL on Josso Apache agent
- Enabling PHP5-specific Security Context Creation
- Unix Operating System
- Apache 2.2.x Httpd Server binaries
- Apache 2.2.x Httpd Development artifacts
- Apache Portable Runtime 1.x
- Working autoconf in the path
- Working libtool in the path
- JOSSO Apache 2.2 Agent
Install the Apache Development package, if it is missing, by issuing the following command as root:
Install the Apache Portable Runtime (APR) package, if it is missing, by issuing the following command as root:
Once the prerequisites are satisfied, you can start building the JOSSO Agent for Apache by invoking the autoconf configure script from the josso-apache22-agent-1.8.0 directory. The sources can be found in the JOSSO distribution: josso-1.8.0/dist/agents/src/josso-apache22-agent-1.8.0.tar.gz.
First of all, install the dependencies that the configure shell script requires to run properly:
Generate the build system for the specific operating system:
The --with-apache-include argument should be set to the parent folder of the Apache include files, while --with-apr-include should point to the APR home folder.
|Enable SSL support|
In order to use SSL for SOAP calls, pass --enable-openssl as an argument to configure.
The user can also define the following optional arguments:
If successful, run the build process to create the Apache module binaries from the corresponding sources:
After successfully building the JOSSO Agent Apache Module, install it in the Apache Httpd Server directory defined with the configure script:
If a single file is used for storing module configuration, add the following line to the httpd.conf file of the target Apache Httpd Server to load the JOSSO authentication module:
If a separate directory is used for storing configuration files for individually packaged modules, add a file named josso.conf in the httpd modules configuration directory (e.g. /etc/httpd/conf.d) with this content:
The Agent configuration and web access control rules should be placed within the configuration file where directory and domain definitions are located (e.g. httpd.conf).
Let's see an example :
This directive restricts access to the "/protected" URI and enables the Single Sign-On capability for user "user1" with the "role2" role.
|Define public resource|
If you want to define a public resource (directory), just add
to the directory element. This will bypass the JOSSO security check for that resource.
This is used if you want automatic login for a public resource, or if you want to access user information from a public resource.
|Josso 2 configuration|
Let's presume you have created an appliance named ApacheTest and a service provider sp1, and that your execution environment is named Apache20.
If all of these prerequisites are satisfied, your configuration should look like:
If a separate directory is used for storing configuration files for individually packaged modules, add the aforementioned definition to the josso.conf in the httpd modules configuration directory (e.g. /etc/httpd/conf.d).
Run the Apache httpd server:
When attempting to access "http://myapacheserverhost/protected/" you should be redirected to the configured authentication form for the credentials (e.g. user1/user1pwd).
On successful authentication, you should be redirected back and given access to the requested resource.
This How-To will explain how to enable encryption of the back channel transport.
Java Keytool is a key and certificate management utility provided with the JDK package.
PHP web applications that rely on the PHP 5.x-specific security context (realized through the PHP_USER and PHP_PWD Apache server variables) instead of the Apache-specific security context (realized through the REMOTE_USER server variable) are not capable of recognizing the user as authenticated, even if a valid SSO session has been established.
Since the password that the user used for authenticating is not available to partner applications, the PHP_PWD value is set to the JOSSO token for the single sign-on session, which may be used for obtaining further information about the user through the Gateway's web services.
In order to avoid changing PHP partner applications that rely on the PHP 5.x-specific security context, enable PHP5 security context creation by using the 'PHP5SecurityContext' directive:
In order to verify that this is working, deploy the following PHP script to the protected resource and run it:
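As an added example (not the JOSSO project's own script), the check below reads the security context the way a partner application would and reports which context is populated. It assumes the variables appear in $_SERVER under the names used above (PHP_USER, PHP_PWD, REMOTE_USER); the function names and the sample values are hypothetical.

```php
<?php
// Added example, not JOSSO code. Assumption: the agent's variables appear in
// $_SERVER under the names this page uses (PHP_USER, PHP_PWD, REMOTE_USER).
// Written to run on PHP 5.4 and later.

/** Return the SSO security context visible to a partner application. */
function josso_security_context(array $server)
{
    $phpUser    = isset($server['PHP_USER']) ? (string) $server['PHP_USER'] : '';
    $remoteUser = isset($server['REMOTE_USER']) ? (string) $server['REMOTE_USER'] : '';
    $token      = isset($server['PHP_PWD']) ? (string) $server['PHP_PWD'] : '';

    if ($phpUser !== '') {
        $source = 'php5';    // the PHP5-specific context is populated
    } elseif ($remoteUser !== '') {
        $source = 'apache';  // only the Apache-specific context is populated
    } else {
        $source = 'none';    // no security context, e.g. no SSO session
    }

    return [
        'source' => $source,
        'user'   => $phpUser !== '' ? $phpUser : $remoteUser,
        // PHP_PWD carries the SSO session token, not the user's password.
        'token'  => $token,
        // False when both contexts are set but name different users.
        'consistent' => $phpUser === '' || $remoteUser === '' || $phpUser === $remoteUser,
    ];
}

/** Shorten the token for display: it identifies a live SSO session. */
function mask_token($token)
{
    return $token === '' ? '(none)' : substr($token, 0, 4) . '...(' . strlen($token) . ' chars)';
}

// Constructed sample, used only when run from the CLI; under Apache the real
// $_SERVER array is inspected.
$sample = ['REMOTE_USER' => 'user1', 'PHP_USER' => 'user1', 'PHP_PWD' => 'CONSTRUCTED-TOKEN-0001'];
$ctx = josso_security_context(PHP_SAPI === 'cli' ? $sample : $_SERVER);

header('Content-Type: text/plain'); // plain text, so values are never rendered as HTML
printf("context source : %s\n", $ctx['source']);
printf("user           : %s\n", $ctx['user'] !== '' ? $ctx['user'] : '(anonymous)');
printf("session token  : %s\n", mask_token($ctx['token']));
printf("consistent     : %s\n", $ctx['consistent'] ? 'yes' : 'no');
```

With the directive enabled and an SSO session established, the source should read php5; the token is masked because any page that prints it in full discloses the session.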