documentation:2.1:authwebid

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:authwebid [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== WebID ======
  
 +^  Authentication  ^  Users  ^  Password  ^
 +|  ✔  |  ✔  | |
 +
 +===== Presentation =====
 +
 +[[http://www.w3.org/wiki/WebID|WebID]] is a way to uniquely identify a person, company, organisation, or other agent using a URI and a certificate.
 +
 +You need [[https://metacpan.org/release/Web-ID|Web::ID]] package.
 +
 +===== Configuration =====
 +
 +In Manager, go in ''General Parameters'' > ''Authentication modules'' and choose WebID for authentication module. You can also use WebID as user database.
 +
 +Then, go in ''WebID parameters'':
 +  * **Authentication level**: authentication level for this module.
 +  * **WebID whitelist**: list of space separated hosts granted to host FOAF document. You can use '*' character. Example :<code>*.partner.com</code>
 +
 +If you use WebID as user database, declare values in **exported variables** :
 +  * use any key name you want. If you want to refuse access when a data is missing, just add a "!" before the key name
 +  * in the value field, set the field name. Take a look at [[http://xmlns.com/foaf/spec/#sec-crossref]]. Example :<code>name => foaf:name</code> 
 +
 +See also [[exportedvars|exported variables configuration]].
 +
 +==== Apache configuration ====
 +
 +Portal host must be configured to use SSL and must ask for client certificate. It is recommended to use optional_no_ca since WebID doesn't use certificate authorities :
 +<file apache>
 +<VirtualHost _default_:443>
 +ServerName auth.example.com
 +SSLEngine on
 +SSLCertificateFile ...
 +SSLCertificateKeyFile ...
 +SSLVerifyClient optional_no_ca
 +...
 +</VirtualHost>
 +</file>
 +
 +==== Tests ====
 +
 +To test this, you can build your own WebID certificate using one of :
 +  * [[https://metacpan.org/module/Web::ID::Certificate::Generator|Web::ID::Certificate::Generator]]
 +  * [[https://my-profile.eu/|my-profile.eu]]
 +  * [[https://gist.github.com/njh/2432427|gen-webid-cert.sh]]