Environment
Cosign, AFS
Issue
If your site is currently configured to use OpenID Connect (OIDC) via "mod_auth_openidc" at the web server for authentication, you will need to update your site's application configuration to use OIDC in the application instead.
Resolution
There are a number of things to look for in your site code/configuration which you will need to review and remove prior to updating to use OIDC .
Look for these things, remove them if you find them:
- .htaccess file: mod_auth_openidc, mod_authnz_ldap directives
Locate all .htaccess files in your application directories. Look for all "mod_auth_openidc" related directives and "mod_authnz_ldap" directives and remove those configurations. For example:
cd {{doc_root}}
find . -name ".htaccess" -exec /usr/bin/egrep -il "openid-connect|require|authldap" {} \;
The relevant directives for each of these modules can be found here:
- You will need to configure your site to use OIDC in your application. This may be application-specific, depending on your application. Documentation is available for the following applications:
- Knowledge Article #8341 Install and Configure OpenID Connect (OIDC) Client for WordPress in an AFS-based Virtual Host
- Knowledge Article #8342 Install and Configure OpenID Connect (OIDC) Client for Drupal in an AFS-based Virtual Host
- Knowledge Article #8730 Configure a PHP Application to use OpenID Connect (OIDC)
When you are done, contact webmaster@umich.edu and ask us to remove the mod_auth_openidc directives from your websites’ Apache HTTPD server configuration.
Additional Information
Need additional information or assistance? Contact the ITS Service Center.