Read our "How to authenticate users to the University Access Management platform (Azure AD) using OpenID Connect" web page before following these instructions.
In the example below, the crypto passphrase is just a random string of characters; the module uses it to encrypt the state and session data it keeps during the authentication flow.
The easiest way to get Azure AD authentication working in Apache is to use the mod_auth_openidc module (the OpenIDC authentication plugin for Apache). Install it with:
# apt-get install libapache2-mod-auth-openidc
Next, enable the module:
# a2enmod auth_openidc
Now, add the following statements to your vhost configuration (this must be the HTTPS vhost for the site; the TLS directives are omitted here, and the address/port on the VirtualHost line was added because Apache does not accept a VirtualHost directive without one):

<VirtualHost *:443>
    ServerAdmin webmaster@botolphs.cam.ac.uk
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ServerName www.botolphs.cam.ac.uk

    # OpenIDC Configuration
    OIDCProviderMetadataURL https://sts.windows.net/49a50445-bdfa-4b79-ade3-547b4f3986e9/.well-known/openid-configuration
    OIDCClientID <CLIENT ID FROM YOUR APP REGISTRATION>
    OIDCClientSecret <SECRET FROM YOUR APPLICATION REGISTRATION>
    OIDCCryptoPassphrase <RANDOM STRING OF DATA>
    # This is the redirect URL you specified when creating the application registration
    # (it must be an https URL on this vhost's ServerName)
    OIDCRedirectURI https://www.botolphs.cam.ac.uk/aad/redirect_uri
    OIDCProviderAuthRequestMethod POST
    OIDCStateMaxNumberOfCookies 5 true
    OIDCRemoteUserClaim upn

    # Apply the authentication to some part of your website
    # (the Apache 2.2 "Order allow,deny" / "Allow from all" lines are not needed on Apache 2.4)
    <Location />
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
Restart your Apache server and check that you now have to authenticate via Azure AD to access your site (an unauthenticated request should be redirected to the Microsoft sign-in page, and after signing in the REMOTE_USER variable holds the upn claim):
# apachectl restart
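Before restarting, it is worth checking that the vhost is consistent: the placeholders have been replaced, the redirect URI is an https URL on the vhost's own ServerName, and the Location block actually requires a login. The script below is an added example, not code from the original page or from mod_auth_openidc; the sample vhost is constructed (with a deliberate botolph/botolphs typo in the redirect host), and the 32-character passphrase minimum is the script's own threshold.

```python
from urllib.parse import urlparse
# Constructed sample modelled on the page's vhost: placeholders unfilled, redirect host typo (botolph vs botolphs).
SAMPLE_VHOST = """\
<VirtualHost *:443>
    ServerName www.botolphs.cam.ac.uk
    OIDCProviderMetadataURL https://sts.windows.net/49a50445-bdfa-4b79-ade3-547b4f3986e9/.well-known/openid-configuration
    OIDCClientID <CLIENT ID FROM YOUR APP REGISTRATION>
    OIDCClientSecret <SECRET FROM YOUR APPLICATION REGISTRATION>
    OIDCCryptoPassphrase <RANDOM STRING OF DATA>
    OIDCRedirectURI https://www.botolph.cam.ac.uk/aad/redirect_uri
    OIDCRemoteUserClaim upn
    <Location />
        AuthType openid-connect
        require valid-user
    </Location>
</VirtualHost>
"""

def parse_directives(text):
    """Map each directive (lower-cased, Apache names are case-insensitive) to its argument string; comments and section tags are skipped."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def check_oidc_vhost(text):
    """Return a list of problems; an empty list means the OIDC settings look consistent."""
    d, problems = parse_directives(text), []
    for name in ("OIDCProviderMetadataURL", "OIDCClientID", "OIDCClientSecret",
                 "OIDCCryptoPassphrase", "OIDCRedirectURI", "ServerName"):
        value = d.get(name.lower(), "")
        if not value:
            problems.append(f"{name} is missing")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{name} still holds the placeholder {value}")
    redirect = urlparse(d.get("oidcredirecturi", ""))
    if redirect.scheme and redirect.scheme != "https":
        problems.append("OIDCRedirectURI must be an https URL")
    if redirect.hostname and redirect.hostname != d.get("servername", "").lower():
        problems.append(f"OIDCRedirectURI host {redirect.hostname} does not match ServerName")
    passphrase = d.get("oidccryptopassphrase", "")
    if passphrase and not passphrase.startswith("<") and len(passphrase) < 32:
        problems.append("OIDCCryptoPassphrase is shorter than 32 characters (this script's own threshold)")
    if d.get("authtype", "").lower() != "openid-connect" or d.get("require", "").lower() != "valid-user":
        problems.append("no Location block sets AuthType openid-connect with Require valid-user")
    return problems
```

Run `check_oidc_vhost()` over the text of your own vhost file; on the sample above it reports the three unfilled placeholders and the redirect-host mismatch.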