mod_auth_openid is an authentication module for the Apache 2 Web server. It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification. Once installed, a simple configuration directive can secure a directory or application on your Web server and require a valid OpenID/XRI identity. You can configure trusted/untrusted identity providers along with a number of other options.
|Tags||Security Internet Web Site Management Dynamic Content CGI Tools/Libraries|
|Operating Systems||POSIX Linux|
Release Notes: This release adds support for HTML form submission (POSTs) per the 2.0 spec, adds a cookie path option, and is now using a more secure (more random) nonce.
Release Notes: The ability to specify an external program for authorization. No longer clears attribute exchange parameters; see the Wiki page for attribute exchange. A fix for a bug involving custom auth cookie names. A fix for a bug that left openid params in the referrer param after a custom login page redirect. A fix for a bug that resulted in the referrer param not having HTTP/S set correctly. A fix for a bug that resulted in an auth error when too many requests were hitting Session DB. A fix for a bug that set REMOTE_USER to normalized id rather than claimed id.
Release Notes: This release adds support for the OpenID 2.0 spec (support for the 1.1 spec is still maintained). Support for BDB has been removed; this release supports SQLite only.
Release Notes: A 302 Redirect issue was fixed. AuthOpenIDEnabled is now allowed in .htaccess files. Links on the default login page were fixed.
Release Notes: The openid.ax and openid.sreg parameters are no longer cleansed from URLs. An AuthOpenIDServerName configuration option has been added. The dependency on libpcre++ has been removed (libpcre is still required). A modauthopenid.referrer parameter has been added that is passed on to login pages. The code has been updated to work with the libopkele version 3 API.