Apache: How to enable Google authentication on an Apache 2.4 reverse proxy
I am trying to enable Google authentication on an Apache 2.4 reverse proxy installed on CentOS 7. I installed mod_auth_openidc and created an OAuth 2.0 client ID in the G Suite console. This is my /etc/httpd/conf/http.conf:
<VirtualHost mtest.mydomain.com:80>
ServerName mtest.mydomain.com
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
OIDCClientSecret xxxxxxxxxxxxxxxxxxxxxxxx
OIDCRedirectURI https://mtest.mydomain.com/
OIDCScope "profile openid"
OIDCCryptoPassphrase example@3003
OIDCCookiePath /
OIDCAuthNHeader X-Forwarded-User
OIDCRemoteUserClaim sub
OIDCClaimPrefix example_
<Location />
AuthType openid-connect
Require valid-user
</Location>
Redirect / https://mtest.mydomain.com/
</VirtualHost>
<VirtualHost mtest.mydomain.com:443>
ServerName mtest.mydomain.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/mydomain.com.key
SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
</VirtualHost>
But when I type the URL, I am not redirected to the Google authentication page.
Where is my mistake?

I solved it like this:
ProxyRequests off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
ProxyTimeout 300
<VirtualHost test.mydomain.com:80>
ServerName test.mydomain.com
Redirect / https://test.mydomain.com/
</VirtualHost>
<VirtualHost test.mydomain.com:443>
ServerName test.mydomain.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/mydomain.crt
SSLCertificateKeyFile /etc/httpd/ssl/mydomain.key
SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
OIDCClientSecret xxxxxxxxxxxxxxxxxxxxx
OIDCRedirectURI https://test.mydomain.com/home.html
OIDCScope "profile openid"
OIDCCryptoPassphrase example@3003
OIDCCookiePath /
OIDCAuthNHeader X-Forwarded-User
OIDCRemoteUserClaim sub
OIDCClaimPrefix example_
<Location />
AuthType openid-connect
Require valid-user
</Location>
ProxyPreserveHost On
ProxyPass / http://192.168.1.1/
ProxyPassReverse / http://192.168.1.1/
</VirtualHost>
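
The placement difference between the two configurations above can be checked mechanically. The following is an added example, not part of the original question or answer: `audit` and `directive` are hypothetical helpers, the two config strings are constructed reductions of the posted files, and the three rules are assumptions drawn from comparing the question's config with the working one.

```python
import re

# Constructed inputs: the page's two configs, reduced to the directives that decide where auth runs.
QUESTION_CONF = """
<VirtualHost mtest.mydomain.com:80>
  OIDCRedirectURI https://mtest.mydomain.com/
  <Location />
    AuthType openid-connect
  </Location>
  Redirect / https://mtest.mydomain.com/
</VirtualHost>
<VirtualHost mtest.mydomain.com:443>
  SSLEngine on
</VirtualHost>
"""
ANSWER_CONF = """
<VirtualHost test.mydomain.com:80>
  Redirect / https://test.mydomain.com/
</VirtualHost>
<VirtualHost test.mydomain.com:443>
  OIDCRedirectURI https://test.mydomain.com/home.html
  <Location />
    AuthType openid-connect
  </Location>
  ProxyPass / http://192.168.1.1/
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+\S+?:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Arguments of the first `name` directive in a vhost body, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return m.group(1) if m else None

def audit(conf):
    """Hypothetical linter; assumes one vhost per port and the rules named above."""
    vhosts = {int(port): body for port, body in VHOST.findall(conf)}
    findings = []
    for port, body in vhosts.items():
        uri = directive(body, "OIDCRedirectURI")
        redirect = directive(body, "Redirect") or ""
        if directive(body, "AuthType") == "openid-connect" and redirect.startswith("/ "):
            findings.append(f":{port} redirects every request away from its OIDC <Location>")
        if uri:
            want = 443 if uri.lower().startswith("https://") else 80
            if want != port:
                findings.append(f"OIDCRedirectURI points at :{want} but is set in :{port}")
            if directive(vhosts.get(want, ""), "AuthType") != "openid-connect":
                findings.append(f":{want} vhost has no AuthType openid-connect")
    return findings
```

On the question's layout all three rules fire; on the answer's layout none do.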