OC5:Apache mod auth openidc

From OSIS Open Source Identity Systems

Apache mod_auth_openidc

OC5 Solution: Apache mod_auth_openidc
Identifier: modauthopenidc
Description: This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or an OAuth 2.0 Resource Server.

It supports OP Discovery, Dynamic Client Registration, Session Management (draft 22), 3rd-party Initiated Login, (Access) Token Refresh, OAuth 2.0 Form Post Response Mode and Token Introspection (draft 05). In addition it supports OP initiated login as defined in: https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state

Flow support (all): "code","id_token","id_token token","code id_token","code token","code id_token token"

JWS support (all): RS256,RS384,RS512,PS256,PS384,PS512,HS256,HS384,HS512,ES256,ES384,ES512,none

JWE support (basic, required set for JWT): RSA1_5,A128KW,A256KW with A128CBC-HS256,A256CBC-HS512

Product Page: https://github.com/pingidentity/mod_auth_openidc
Latest Version: https://github.com/pingidentity/mod_auth_openidc/releases
Operated by: Hans Zandbelt
Interop Roles: RP: https://www.pingidentity.nl/protected/index.php

OC5 RP FeatureTest List

Feature Tests for Apache mod_auth_openidc

Relying Party Features

Feature (OC5 result page)

Response Type & Response Mode
Can Make Request with code Response Type (OC5:FTR-rp-rtyp-code-x-Apache mod_auth_openidc)
Can Make Request with id_token Response Type (OC5:FTR-rp-rtyp-id_token-x-Apache mod_auth_openidc)
Can Make Request with id_token token Response Type (OC5:FTR-rp-rtyp-id_token-token-x-Apache mod_auth_openidc)
Can Use Self-Issued OP (OC5:FTR-rp-selfissued-x-Apache mod_auth_openidc)
Can Make Request with form_post Response Mode (OC5:FTR-rp-rmod-form-x-Apache mod_auth_openidc)

ID Token
Rejects ID Token with Invalid Audience (OC5:FTR-rp-bad-aud-x-Apache mod_auth_openidc)
Rejects Incorrect at_hash when Implicit Flow Used (OC5:FTR-rp-hash-badat-x-Apache mod_auth_openidc)
Rejects Incorrect c_hash when Code Flow Used (OC5:FTR-rp-hash-badc-x-Apache mod_auth_openidc)
Reject Invalid Asymmetric ID Token Signature (OC5:FTR-rp-bad-rs256-x-Apache mod_auth_openidc)
Can Request and Use Unsecured ID Token Response (OC5:FTR-rp-idt-uns-x-Apache mod_auth_openidc)
Reject Invalid Symmetric ID Token Signature (OC5:FTR-rp-bad-hs256-x-Apache mod_auth_openidc)
Can Use Elliptic Curve ID Token Signatures (OC5:FTR-rp-idt-ec-x-Apache mod_auth_openidc)
Can Request and Use Signed and Encrypted ID Token Response (OC5:FTR-rp-idt-signenc-x-Apache mod_auth_openidc)

UserInfo Endpoint
Accesses UserInfo Endpoint with Header Method (OC5:FTR-rp-ui-hdr-x-Apache mod_auth_openidc)
Does Not Access UserInfo Endpoint with Query Parameter Method (OC5:FTR-rp-ui-not-query-x-Apache mod_auth_openidc)
Rejects UserInfo with Invalid Subject (OC5:FTR-rp-bad-userinfo-sub-x-Apache mod_auth_openidc)
Can Request and Use Signed UserInfo Response (OC5:FTR-rp-ui-sign-x-Apache mod_auth_openidc)
Can Request and Use Encrypted UserInfo Response (OC5:FTR-rp-ui-enc-x-Apache mod_auth_openidc)
Can Request and Use Signed and Encrypted UserInfo Response (OC5:FTR-rp-ui-signenc-x-Apache mod_auth_openidc)

scope Request Parameter
Requesting UserInfo Claims with scope Values (OC5:FTR-rp-scope-x-Apache mod_auth_openidc)

Client Authentication
Can Make Access Token Request with client_secret_basic Authentication (OC5:FTR-rp-tok-csbasic-x-Apache mod_auth_openidc)
Can Make Access Token Request with client_secret_post Authentication (OC5:FTR-rp-tok-cspost-x-Apache mod_auth_openidc)
Can Make Access Token Request with private_key_jwt Authentication (OC5:FTR-rp-tok-pkjwt-x-Apache mod_auth_openidc)
Can Make Access Token Request with client_secret_jwt Authentication (OC5:FTR-rp-tok-csjwt-x-Apache mod_auth_openidc)

Discovery
Uses WebFinger Discovery (OC5:FTR-rp-discovery-x-Apache mod_auth_openidc)
Can Discover Identifiers using E-Mail Syntax (OC5:FTR-rp-ids-email-x-Apache mod_auth_openidc)
Can Discover Identifiers using URL Syntax (OC5:FTR-rp-ids-url-x-Apache mod_auth_openidc)
Uses openid-configuration Discovery Information (OC5:FTR-rp-disc-config-x-Apache mod_auth_openidc)
Rejects Discovered issuer Not Matching openid-configuration Path Prefix (OC5:FTR-rp-bad-disc-issuer-x-Apache mod_auth_openidc)
Rejects ID Token with iss Not Matching Discovered issuer (OC5:FTR-rp-bad-iss-issuer-x-Apache mod_auth_openidc)
Uses Keys Discovered with jwks_uri Value (OC5:FTR-rp-keys-jwks_uri-x-Apache mod_auth_openidc)

Dynamic Client Registration
Uses Dynamic Registration (OC5:FTR-rp-registration-x-Apache mod_auth_openidc)

Key Rollover
Support OP Signing Key Rollover (OC5:FTR-rp-roll-op-sig-x-Apache mod_auth_openidc)
Can Rollover RP Signing Key (OC5:FTR-rp-roll-rp-sig-x-Apache mod_auth_openidc)
Support OP Encryption Key Rollover (OC5:FTR-rp-roll-op-enc-x-Apache mod_auth_openidc)
Can Rollover RP Encryption Key (OC5:FTR-rp-roll-rp-enc-x-Apache mod_auth_openidc)

request_uri Request Parameter
Can Use request_uri Request Parameter with Unsecured Request (OC5:FTR-rp-ruri-uns-x-Apache mod_auth_openidc)
Can Use request_uri Request Parameter with Signed Request (OC5:FTR-rp-ruri-sig-x-Apache mod_auth_openidc)
Can Use request_uri Request Parameter with Encrypted Request (OC5:FTR-rp-ruri-enc-x-Apache mod_auth_openidc)
Can Use request_uri Request Parameter with Signed and Encrypted Request (OC5:FTR-rp-ruri-sigenc-x-Apache mod_auth_openidc)

claims Request Parameter
Requesting UserInfo Claims with claims Request Parameter (OC5:FTR-rp-reqobj-x-Apache mod_auth_openidc)
Can Request and Use Claims in id_token (OC5:FTR-rp-clm-idt-x-Apache mod_auth_openidc)

Third Party Initiated Login
Support Third-Party Initiated Login (OC5:FTR-rp-3rd-login-x-Apache mod_auth_openidc)

Claim Types
Uses Aggregated Claims (OC5:FTR-rp-clm-aggreg-x-Apache mod_auth_openidc)
Uses Distributed Claims (OC5:FTR-rp-clm-dist-x-Apache mod_auth_openidc)

Session Management
Logout Initiated by RP (OC5:FTR-rp-logout-init-x-Apache mod_auth_openidc)
Logout Received by RP (OC5:FTR-rp-logout-received-x-Apache mod_auth_openidc)
State Change Other than Logout Received by RP (OC5:FTR-rp-change-received-x-Apache mod_auth_openidc)
