I want to authenticate some of my company's internal websites with Google Apps. We have been using openid based apache module mod_auth_openid
and since it got deprecated recently I started looking for alternatives and have found mod_auth_openidc
. But I couldn't really get it to work as I didn't understand most parts of it (I have even tried to follow some articles (article1, article2) but that didn't help as it was not clear to me).
Is there any other solution/article that can help me do this?
The first example in the README.md here: https://github.com/pingidentity/mod_auth_openidc/blob/master/README.md gives a good starting point:
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <your-client-id-administered-through-the-google-api-console>
OIDCClientSecret <your-client-secret-administered-through-the-google-api-console>
OIDCRedirectURI https://www.example.com/example/redirect_uri
OIDCCryptoPassphrase <password>
OIDCScope "openid email profile"
<Location /example/>
AuthType openid-connect
Require valid-user
Require claim hd:<your-domain>
</Location>
Plain http will work, trailing slashes will work (if used consistently as in the example), no certificate needed just a fully qualified domain name, Debian packages work on Ubuntu 14.04.
The articles that you mention show also how to configure the Google side of things.