Name: mod_token_binding
Owner: ZmartZone IAM
Description: Toking Binding for Apache HTTPd 2.4.x
Created: 2017-01-27 16:25:13.0
Updated: 2018-05-23 17:39:37.0
Pushed: 2018-05-23 17:39:36.0
Size: 46
Language: C
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
A pluggable module implementation of Token Binding for the Apache HTTPd web server version 2.4.x.
This module implements the Token Binding protocol as defined in https://github.com/TokenBinding/Internet-Drafts on HTTPs connections setup to mod_ssl
running in an Apache webserver.
It then sets environment variables and headers with the results of that process so that other modules and applications running on top of (or behind) it can use that to bind their tokens and cookies to the so-called Token Binding ID. The environment variables/headers are:
Sec-Provided-Token-Binding-ID
Sec-Referred-Token-Binding-ID
Sec-Token-Binding-Context
Sec-
prefix added to the header).There?s a sample Dockerfile
under test/docker
to get you to a quick functional server setup with all of the prerequisites listed above. It reverse proxies requests to http://httpbin.org/headers
to show the resulting request headers.
Build and run this container on a Docker-equipped system with ./autogen.sh && make docker
and then browse to https://localhost:4433`.
Since version 2.3.1 mod_auth_openidc can be configured to use the negotiated environment variables to bind its session (and state) cookie(s) to the TLS connection and to perform OpenID Connect Token Bound Authentication for an ID Token as defined in http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html using its OIDCTokenBindingPolicy
directive as described in https://github.com/zmartzone/mod_auth_openidc/blob/v2.3.5/auth_openidc.conf#L211.
getNegotiatedVersion
function:
https://github.com/zmartzone/token_bind/tree/expose-negotiated-versionEdit the configuration file for your web server. Depending on your distribution, it may be named '/etc/apache/httpd.conf' or something different.
You need to add a LoadModule directive for mod_token_binding. This will look similar to this:
Module token_binding_module /usr/lib/apache2/modules/mod_token_binding.so
You can then optionally configure mod_token_binding with specific configuration primitives.
For an exhaustive overview of all configuration primitives, see token_binding.conf
in this directory.
That file can also function as an include file for Apache.