Reconfigure a Drupal 9 Site in an AFS-based Virtual Host to Use OpenID Connect (OIDC) Client for Web Application based Authentication

Environment

Drupal CMS, AFS virtual host

Issue

How to reconfigure Drupal 9 CMS in an AFS-based virtual host to use OpenID Connect Client for web application based authentication

Resolution

1. There are minimum PHP version requirements
   1. The AFS Virtual Web Hosting service offered by ITS Web Hosting provides server environments for both PHP 7.3 and 8.1
   2. If your site is currently running on an older version of PHP, you will need to upgrade
      1. To do so, you need to contact the ITS Web Hosting Team at webmaster@umich.edu to request migration to one of these newer PHP environments
2. Your website must be designed and configured for HTTPS only
   1. If any part of your Drupal 9 instance is accessible by HTTP rather than HTTPS, you will need to reconfigure your site so all pages are accessible only via HTTPS
3. If you are migrating from "mod_auth_openidc" for authentication, you will need to make changes to your site to remove any related configuration and/or module(s)
   1. Please refer to the Knowledge Base article #8929 "How to Identify and Remove "mod_auth_openidc" Configurations from an AFS-based Virtual Host"
4. You will need to contact the ITS Web Team to request changes to remove any mod_auth_openidc configuration at the web server (Apache HTTPD) layer as well
5. Install and configure the "openid_connect" module in your Drupal instance
   1. Please see the Knowledge Article #8342 Install and Configure OpenID Connect (OIDC) Client for Drupal in an AFS-based Virtual Host for more information

Additional Information

Need additional information or assistance? Contact the ITS Service Center.