use encrypted JWTs for storing encrypted cache contents
- avoid using static AAD/IV; thanks @niebardzo
- bump to 2.4.9-dev

Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt committed Jun 10, 2021
1 parent 56d2e02 commit 375407c
Showing 7 changed files with 103 additions and 377 deletions.
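--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,5 @@
 /Dockerfile-*
 /*.rpm
 
+/config.guess~
+/config.sub~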
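--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+06/10/2021
+- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV; thanks @niebardzo
+- bump to 2.4.9-dev
+
 06/04/2021
 - fix a problem where the host and port are calculated incorrectly, when you use literal ipv6 address.
 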
11 changes: 8 additions & 3 deletions Dockerfile
@@ -1,13 +1,14 @@
FROM ubuntu:bionic
MAINTAINER [email protected]

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install -y pkg-config make gcc gdb lcov valgrind vim curl iputils-ping wget
RUN apt-get update && apt-get install -y autoconf automake libtool
RUN apt-get update && apt-get install -y libssl-dev libjansson-dev libcurl4-openssl-dev check
#RUN apt-get update && apt-get install -y libcjose-dev
RUN apt-get update && apt-get install -y apache2 apache2-dev

RUN apt-get update && apt-get install -y libpcre3-dev zlib1g-dev
RUN apt-get update && apt-get install -y libapache2-mod-php

RUN wget https://mod-auth-openidc.org/download/libcjose0_0.6.1.5-1~bionic+1_amd64.deb
RUN wget https://mod-auth-openidc.org/download/libcjose-dev_0.6.1.5-1~bionic+1_amd64.deb
@@ -35,4 +36,8 @@ ADD openidc.conf /etc/apache2/conf-available
RUN a2enconf openidc
RUN /usr/sbin/apache2ctl start

# docker run -p 443:443 -it 749d1204d189 /bin/bash -c "source /etc/apache2/envvars && valgrind --leak-check=full /usr/sbin/apache2 -X"
RUN mkdir -p /var/www/html/protected
RUN echo "<html><body><h1>Hello, <?php echo($_SERVER['REMOTE_USER']) ?></h1><pre><?php print_r(array_map(\"htmlentities\", apache_request_headers())); ?></pre><a href=\"/protected/?logout=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html\">Logout</a></body></html>" > /var/www/html/protected/index.php
RUN mkdir -p /var/www/html/api && cp /var/www/html/protected/index.php /var/www/html/api

# docker run -p 443:443 -it mod_auth_openidc /bin/bash -c "source /etc/apache2/envvars && valgrind --leak-check=full /usr/sbin/apache2 -X"
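Review bot: `$_SERVER` in the `RUN echo "…" > /var/www/html/protected/index.php` line near the end of this section sits inside a double-quoted shell string, so the build shell will most likely expand it as an unset variable and the generated page would contain `echo(['REMOTE_USER'])` rather than the user name; escaping it as `\$_SERVER`, or shipping the page with `COPY` from the build context, avoids that. The same line passes the request headers through `htmlentities` but prints `REMOTE_USER` unencoded, and since that value presumably comes from an identity-provider claim it should be encoded as well: `<?php echo(htmlentities(\$_SERVER['REMOTE_USER'])) ?>`. Because the following line copies the file to /var/www/html/api, both pages are affected. A one-line comment above these lines stating that the pages are test fixtures for the protected and API locations would also help the next reader.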
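--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.8.4],[[email protected]])
+AC_INIT([mod_auth_openidc],[2.4.9-dev],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 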
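--- a/openidc.conf
+++ b/openidc.conf
@@ -24,6 +24,8 @@ OIDCCryptoPassphrase blabla1234
 
 OIDCInfoHook iat access_token access_token_expires id_token userinfo refresh_token session
 
+OIDCScope "openid email profile"
+
 <Location /protected>
 AuthType openid-connect
 Require valid-user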
