Apache 2

This tutorial explains how to build, install, configure and deploy the JOSSO Agent for the Apache Httpd Web Server. The agent is implemented as an Apache module that intercepts HTTP requests to provide security context. In order to install the agent you must compile it using Apache development tools. You can modify the provided tools and adapt this tutorial to your specific needs if required.

Prerequisites

  • Unix Operating System

  • Apache 2.2.x Httpd Server binaries

  • Apache 2.2.x Httpd Development artifacts

  • Apache Portable Runtime 1.x

  • Working autoconf in the path

  • Working libtool in the path

  • JOSSO Apache 2.2 Agent

Install Dev Tools

These tools need to be installed if they are not present in your system.

Install the Dev package

Install the Apache Development package (in case it's missing) by issuing the following command as root:

$ yum install gcc automake autoconf libtool httpd-devel apr-devel

Building

Once the prerequisites are satisfied you can start building the JOSSO Agent for Apache by invoking the autoconf configure script from the josso-apache22-agent-1.8.12 directory. The sources can be found in the JOSSO distribution:

  • josso-1.8.12/dist/agents/src/josso-apache22-agent-1.8.12.tar.gz

First of all, install the required dependencies for the configure shell script to run properly:

$ ./makemake

Generate the build system for the specific operating system:

$ ./configure --with-apache-include=/usr/include/httpd --with-apr-include=/usr/include/apr-1

The --with-apache-include argument should be set to the parent folder of the Apache include files, while --with-apr-include should point to the APR home folder.

In order to use SSL for agent backchannel calls (WebServices), pass --enable-openssl as an argument to configure. You can also define the following optional arguments:

  • --with-openssl-includes=/path/to/ssl/includes

  • --with-openssl-libs=/path/to/ssl/libs

  • --with-openssl=/path/to/ssl/base

  • --with-pkg-config=/path/to/pkg-config

If successful, run the building process for creating the Apache module binaries from the corresponding sources:

$ make

Installing

After successfully building the JOSSO Agent Apache Module, install it in the Apache Httpd Server directory that was used with the configure script:

$ apxs -i -a -n auth_josso mod_auth_josso/.libs/libmod_auth_josso.so

Enabling the Agent

If you are using a single file for storing module configuration, add the following line to the httpd.conf file of the target Apache Httpd Server to load the JOSSO authentication module:

LoadModule auth_josso_module modules/libmod_auth_josso.so

If you are using a separate directory for storing configuration files for individually packaged modules, add a file named josso.conf in the httpd modules configuration directory (e.g. /etc/httpd/conf.d) with this content:

LoadModule auth_josso_module modules/libmod_auth_josso.so
ShmSSOFile /var/tmp/ShmSSOFile
ShmSSOLockFile /var/tmp/ShmSSOLockFile

<Location /josso_security_check*> 
AuthType JOSSO
AuthName "My Authentication"
Require role REGISTERED_USER

GatewayLoginUrl "https://sso.mycompany.com/IDBUS/PROD/APACHE-WWW/JOSSO/SSO/REDIR"
GatewayLogoutUrl "https://sso.mycompany.com/IDBUS/PROD/APACHE-WWW/JOSSO/SLO/REDIR"
GatewayEndpoint "josso.vpn.mycompany.com" 8081
SessionManagerServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOSessionManager/SOAP"
IdentityManagerServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOIdentityManager/SOAP"
IdentityProviderServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOIdentityProvider/SOAP"

DefaultResource /
PartnerApplicationID "apache-mimas"
AutoLoginDisabled On
</Location>

<LocationMatch /public/member/proceedings/q.../Presentations/> 
AuthType JOSSO 
AuthName "My Authentication"

GatewayLoginUrl "https://sso.mycompany.com/IDBUS/PROD/APACHE-WWW/JOSSO/SSO/REDIR" 
GatewayLogoutUrl "https://sso.mycompany.com/IDBUS/PROD/APACHE-WWW/JOSSO/SLO/REDIR" 
GatewayEndpoint "josso.vpn.mycompany.com" 8081 
SessionManagerServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOSessionManager/SOAP" 
IdentityManagerServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOIdentityManager/SOAP" 
IdentityProviderServicePath "IDBUS/PROD/APACHE-WWW/JOSSO/SSOIdentityProvider/SOAP"

DefaultResource /public/member/proceedings/ 
PartnerApplicationID "apache-mimas" 
AutoLoginDisabled On 
</LocationMatch>

<LocationMatch /public/member/proceedings/q313/Presentations/> 
Require role STAFF MEMBER EVENT_10230 
</LocationMatch>
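
A review aid for a josso.conf like the one above, added here as an example and not part of the JOSSO distribution: it parses the Location/LocationMatch sections and reports duplicate LoadModule lines, gateway login/logout URLs that are not https, and sections that set AuthType JOSSO without a Require of their own. The function name, the checks chosen and the sample host name are assumptions made for this example.

```python
import re

# Constructed sample in the style of the josso.conf above; the host name is a placeholder.
SAMPLE_CONF = '''\
LoadModule auth_josso_module modules/libmod_auth_josso.so
LoadModule auth_josso_module modules/libmod_auth_josso.so
<Location /josso_security_check*>
AuthType JOSSO
Require role REGISTERED_USER
GatewayLoginUrl "https://sso.example.test/JOSSO/SSO/REDIR"
</Location>
<LocationMatch /reports/q.../>
AuthType JOSSO
GatewayLoginUrl "http://sso.example.test/JOSSO/SSO/REDIR"
</LocationMatch>
'''

OPEN = re.compile(r'<(Location(?:Match)?)\s+(.+?)\s*>$', re.I)
CLOSE = re.compile(r'</Location(?:Match)?>$', re.I)
URL_DIRECTIVES = ('gatewayloginurl', 'gatewaylogouturl')

def audit(conf_text):
    """Return (section, finding) tuples for a JOSSO agent configuration."""
    findings, loaded, section, seen = [], set(), None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = OPEN.match(line)
        if opened:
            section, seen = f'{opened.group(1)} {opened.group(2)}', {}
        elif CLOSE.match(line):
            # Apache merges sections, so this is a review item: another section may add Require.
            if seen.get('authtype', '').upper() == 'JOSSO' and 'require' not in seen:
                findings.append((section, 'AuthType JOSSO without Require in this section'))
            section = None
        else:
            name, value = (line.split(None, 1) + [''])[:2]
            name, value = name.lower(), value.strip('"')
            if section is not None:
                seen[name] = value
            if name == 'loadmodule':
                module = value.partition(' ')[0]
                if module in loaded:
                    findings.append(('global', f'duplicate LoadModule: {module}'))
                loaded.add(module)
            elif name in URL_DIRECTIVES and not value.lower().startswith('https://'):
                findings.append((section or 'global', f'{name} is not https: {value}'))
    return findings
```

Call audit() with the text of the deployed file (for example the contents of /etc/httpd/conf.d/josso.conf) and review each tuple it returns; an empty list means none of the three checks fired.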
Contributors: Sebastian