scitokens/apache-scitokens


apache-scitoken

Authentication module for Apache httpd with Scitoken.

The authentication process is carried out by an authentication provider and specified by /src/scitoken.c.

The module will check the request token against a list of issuers provided by the Apache configuration file.

There are built-in checks for issuers, expiration date, and algorithm (disabled by default).

This repo also includes the necessary configuration for an Apache webserver to provide WebDav access using SciTokens for authorization. With this configuration, you may provide authenticated access to write (PUT) or read (GET) on the webserver.

Build requirement

scitokens-cpp

Installation

Install scitokens-cpp

Move scitokens-cpp/src/scitokens.h to your include directory

In /src, compile the module:

$ apxs -i -a -c scitoken.c -lSciTokens
$ cat /etc/apache2/mods-enabled/auth_scitokenX.load
LoadModule auth_scitokenX_module /usr/lib/apache2/modules/scitoken.so

Configuration

Modify your Apache configuration file.

A minimal configuration might be:

<Location /demo>
    AuthType Scitoken
    AuthName "private area"
    Require Scitoken
    issuers "https://issuer1;/resource1"
    #Dav on
</Location>

To enable WebDAV:

sudo a2enmod dav
sudo a2enmod dav_fs

This allows creating, moving, copying, and deleting resources and collections on a remote web server, and provides access to resources located in the server's file system.

See /config for an example (Ubuntu 16.04.6 LTS).

In the example, the only issuer is "https://demo.scitokens.org" and the protected directory is "/demo".

Restart Apache

Testing

curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleS1yczI1NiJ9.eyJzY3AiOiJyZWFkOi9kZW1vIiwiYXVkIjoiaHR0cDovL1Z0MjAuc2VjdXJpdHkubmNzYS5pbGxpbm9pcy5lZHUiLCJpc3MiOiJodHRwczovL2RlbW8uc2NpdG9rZW5zLm9yZyIsImV4cCI6MTU1Mzg4NTg4OCwiaWF0IjoxNTUzODg1Mjg4LCJuYmYiOjE1NTM4ODUyODgsImp0aSI6IjgyNGYzNDgxLWE5ZTAtNDZkZC04N2Q3LTAxZTBhZGVhN2Y5MyJ9.pQNp4MN1Bj38zCGwwGLlBBGh6BRUHmsw1Q54hjX-UwgJXQao7ftDo2YhmDNGNM-W2X9TU8S4XcNdrHXPSixapGVlDdtntgjWmY7EeCeAuVf9Tke7oTZsfdAKB-ye5t_dYjnAwrI-p5o6T4-GBKNcEg3_d4YqV61-BUGYqQJIEeCjoNrcbRUmwYY8O1Upp0A6S9EdpCAhHUS58onJDR2a2HIOJaSBo88UKxLWTofLUFn8P35Or_u2YZCHbp9nJ9JmTL1uVTHBd6vsWBsj8byOuZvfbOHll_vjOQ6DCc899R4Af1_ezA3no8ONGJJ3zAQSNRl2kIoLBBEp5MZw4r1--g" URL

Tokens generated by https://demo.scitokens.org are set to expire in 10 mins. To make a request that returns 200:

1. Go to https://demo.scitokens.org. Set the payload to the protected area.

2. "scope": "read:/demo", "aud": "https://server.example.com",

3. curl -H "Authorization: Bearer YOURTOKEN" https://server.example.com/demo/index2.html
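
When the request is rejected instead of returning 200, a quick way to see why is to decode the token locally and run the same kinds of checks this README lists (issuer, expiration, algorithm) plus the scope against the requested path. The script below is an added example, not code from this repository or from scitoken.c; it does not verify the signature, and the allowed-algorithm list, the GET/PUT mapping, the path-prefix rule and the helper names are assumptions made for illustration.

```python
import base64, json, time

METHOD_TO_OP = {"GET": "read", "PUT": "write"}  # the two operations the README names

def _seg(segment):
    """Decode one base64url JWT segment (padding restored) to a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def scope_allows(scope, op, path):
    """True if a space-separated scope string grants `op` on `path` or a parent of it."""
    for entry in scope.split():
        granted_op, sep, base = entry.partition(":")
        base = base.rstrip("/")  # "read:/" becomes "" and so covers every path
        if sep and granted_op == op and (path == base or path.startswith(base + "/")):
            return True  # "/demo2" does not match "read:/demo": whole segments only
    return False

def preflight(token, issuers, method, path, now=None, algs=("RS256", "ES256")):
    """List reasons the token would be rejected. The signature is NOT verified here."""
    now = time.time() if now is None else now
    try:
        head, body, _sig = token.split(".")
        header, claims = _seg(head), _seg(body)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments are not JSON objects")
    except ValueError as err:  # wrong part count, bad base64, bad JSON
        return [f"malformed token: {err}"]
    problems = []
    if header.get("alg") not in algs:  # assumed allow-list; also rejects "none"
        problems.append(f"alg {header.get('alg')!r} not in allowed list")
    if claims.get("iss") not in issuers:
        problems.append(f"issuer {claims.get('iss')!r} not in configured issuers")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"expired or missing exp ({exp!r})")
    scope = claims.get("scope") or claims.get("scp") or ""  # sample token above uses "scp"
    op = METHOD_TO_OP.get(method.upper())
    if op is None or not isinstance(scope, str) or not scope_allows(scope, op, path):
        problems.append(f"scope {scope!r} does not grant {method} on {path}")
    return problems

def sample_token(claims, alg="RS256"):
    """Constructed, unsigned token for demonstration; the signature part is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': alg})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    tok = sample_token({"iss": "https://demo.scitokens.org", "exp": 2000, "scope": "read:/demo"})
    print(preflight(tok, ["https://demo.scitokens.org"], "GET", "/demo/index2.html", now=3000))
```

An empty list means none of these checks would reject the token; the server still has to validate the signature against the issuer's keys.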