Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:authwebid [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== WebID ======
  
 +^  Authentication ​ ^  Users  ^  Password ​ ^
 +|  ✔  |  ✔  | |
 +
 +===== Presentation =====
 +
 +[[http://​www.w3.org/​wiki/​WebID|WebID]] is a way to uniquely identify a person, company, organisation,​ or other agent using a URI and a certificate.
 +
 +You need [[https://​metacpan.org/​release/​Web-ID|Web::​ID]] package.
 +
 +===== Configuration =====
 +
 +In Manager, go in ''​General Parameters''​ > ''​Authentication modules''​ and choose WebID for authentication module. You can also use WebID as user database.
 +
 +Then, go in ''​WebID parameters'':​
 +  * **Authentication level**: authentication level for this module.
 +  * **WebID whitelist**:​ list of space separated hosts granted to host FOAF document. You can use '​*'​ character. Example :<​code>​*.partner.com</​code>​
 +
 +If you use WebID as user database, declare values in **exported variables** :
 +  * use any key name you want. If you want to refuse access when a data is missing, just add a "​!"​ before the key name
 +  * in the value field, set the field name. Take a look at [[http://​xmlns.com/​foaf/​spec/#​sec-crossref]]. Example :<​code>​name => foaf:​name</​code> ​
 +
 +See also [[exportedvars|exported variables configuration]].
 +
 +==== Apache configuration ====
 +
 +Portal host must be configured to use SSL and must ask for client certificate. It is recommended to use optional_no_ca since WebID doesn'​t use certificate authorities :
 +<file apache>
 +<​VirtualHost _default_:​443>​
 +ServerName auth.example.com
 +SSLEngine on
 +SSLCertificateFile ...
 +SSLCertificateKeyFile ...
 +SSLVerifyClient optional_no_ca
 +...
 +</​VirtualHost>​
 +</​file>​
 +
 +==== Tests ====
 +
 +To test this, you can build your own WebID certificate using one of :
 +  * [[https://​metacpan.org/​module/​Web::​ID::​Certificate::​Generator|Web::​ID::​Certificate::​Generator]]
 +  * [[https://​my-profile.eu/​|my-profile.eu]]
 +  * [[https://​gist.github.com/​njh/​2432427|gen-webid-cert.sh]]