Reconfigure a PHP Site in an AFS-based Virtual Host to use OpenID Connect (OIDC) Client for Authentication

Environment

PHP, AFS virtual host

Issue

How to reconfigure a PHP application in an AFS-based virtual host to use OpenID Connect Client for authentication

Resolution

1. There are minimum PHP version requirements
   1. The AFS Virtual Web Hosting service offered by ITS Web Hosting provides server environments for both PHP 7.3 and 8.1
   2. If your site is currently running on an older version of PHP, you will need to upgrade
   3. To do so, you need to contact the ITS Web Hosting Team at webmaster@umich.edu to request migration to one of these newer PHP environments
2. Your website must be designed and configured for HTTPS only
   1. If any part of your PHP application is accessible by HTTP rather than HTTPS, you will need to reconfigure your site so all pages are accessible only via HTTPS
3. If you are migrating from "cosign" to "OIDC" for authentication, you will need to make changes to your site to remove any cosign-related configuration and/or module(s)
   1. Please refer to the Knowledge Base article #8929 "Identify and Remove Cosign Configurations from an AFS-based Virtual Host"
4. You will need to contact the ITS Web Team to request changes to remove any cosign configuration at the web server (Apache HTTPD) layer as well
5. Integrate an OpenID Connect library in your PHP application
   1. Please see the Knowledge Article #8730 Configure a PHP application to use OpenID Connect (OIDC) for more information

Additional Information

Need additional information or assistance? Contact the ITS Service Center.