OpenID-eID: Difference between revisions
Jump to navigation
Jump to search
Content deleted Content added
mNo edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
Here are my attempts to create an [[OpenID]] provider based on the [[Belgian eID]] |
Here are my attempts to create an [[OpenID]] provider based on the [[Belgian eID]] |
||
Let's get apache2, php5 and openssl stuff: |
|||
apt-get install apache2-utils apache2-mpm-prefork libapache2-mod-php5 php5 openssl ssl-cert |
|||
Details on apache2 config... |
|||
* requires client certificate |
|||
* import Belgium Root CA for validation of the client certificates |
|||
TODO: cf apache proxy proposed by the government: |
|||
* [http://issues.apache.org/bugzilla/show_bug.cgi?id=41123 OCSP support for mod_ssl] |
|||
* [http://issues.apache.org/bugzilla/show_bug.cgi?id=35083 Certificate validation problems trapping] |
|||
Hacking [http://siege.org/projects/phpMyID/ phpMyID] |
|||
Details on the patch |
|||
* remove HTTP Digest for the authorization step |
|||
* redirect authorization to HTTPS as we'll deal with SSL client certificates |
|||
Revision as of 19:58, 19 February 2008
Here are my attempts to create an OpenID provider based on the Belgian eID
Let's get apache2, php5 and openssl stuff:
apt-get install apache2-utils apache2-mpm-prefork libapache2-mod-php5 php5 openssl ssl-cert
Details on apache2 config...
- requires client certificate
- import Belgium Root CA for validation of the client certificates
TODO: cf apache proxy proposed by the government:
Hacking phpMyID
Details on the patch
- remove HTTP Digest for the authorization step
- redirect authorization to HTTPS as we'll deal with SSL client certificates