Identify and Remove "mod_auth_openidc" Configurations from an AFS-based Virtual Host


Cosign, AFS


If your site is currently configured to use OpenID Connect (OIDC) via "mod_auth_openidc" at the web server for authentication, you will need to update your site's application configuration to use OIDC in the application instead. 


There are a number of things to look for in your site code/configuration which you will need to review and remove prior to updating to use OIDC .

Look for these things, remove them if you find them:

  1. .htaccess file: mod_auth_openidc, mod_authnz_ldap directives

Locate all .htaccess files in your application directories.  Look for all "mod_auth_openidc" related directives and "mod_authnz_ldap" directives and remove those configurations.  For example:

cd {{doc_root}}
find . -name ".htaccess" -exec /usr/bin/egrep -il "openid-connect|require|authldap" {} \;

The relevant directives for each of these modules can be found here:

  1. You will need to configure your site to use OIDC in your application.  This may be application-specific, depending on your application.  Documentation is available for the following applications:
    1. Knowledge Article #8341 Install and Configure OpenID Connect (OIDC) Client for WordPress in an AFS-based Virtual Host
    2. Knowledge Article #8342 Install and Configure OpenID Connect (OIDC) Client for Drupal in an AFS-based Virtual Host
    3. Knowledge Article #8730 Configure a PHP Application to use OpenID Connect (OIDC)

When you are done, contact and ask us to remove the mod_auth_openidc directives from your websites’ Apache HTTPD server configuration.

Additional Information

Need additional information or assistance? Contact the ITS Service Center.