lemonldap-ng

Configure an OpenID Connect Identity Provider, to be used with an OpenID Connect Relying Party, e.g. libapache2-mod-auth-openidc.

Test install for bullseye/buster:

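# /usr/share/doc/lemonldap-ng/README.Debian
#
# Stands up a LemonLDAP::NG OpenID Connect Identity Provider on a Debian
# bullseye/buster test host. Run as root; meant to be followed step by
# step rather than executed unattended (no strict mode is set).

apt install openid-connect-provider \
  apache2 libapache2-mod-perl2 libapache2-mod-fcgid \
  libfcgi-perl libstring-random-perl libmime-tools-perl libemail-sender-perl \
  libgd-securityimage-perl libimage-magick-perl

# Point the packaged example vhost names at this host.
# This appends unconditionally: check /etc/hosts before re-running.
cat /etc/lemonldap-ng/for_etc_hosts >> /etc/hosts
a2enmod perl fcgid rewrite headers
a2ensite portal-apache2.conf manager-apache2.conf handler-apache2.conf

# bullseye: create the cache directory for the Apache user
# (-p keeps this step re-runnable).
mkdir -p /var/lib/lemonldap-ng/cache
chown www-data: /var/lib/lemonldap-ng/cache

service apache2 restart

# http://auth.example.com/
# Demo backend test accounts, login:password
# dwho:dwho rtyler:rtyler msmith:msmith


# OpenID Connect Identity Provider
# https://lemonldap-ng.org/documentation/latest/cli_examples#configure-openid-connect-identity-provider
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
    set \
        issuerDBOpenIDConnectActivation 1

# Token signing key pair, kept next to the LemonLDAP::NG configuration.
# Abort if the directory is missing instead of writing keys into whatever
# the current directory happens to be.
cd /etc/lemonldap-ng/ || exit 1
# umask in a subshell: belt-and-braces so the private key is never
# group/world readable, whatever openssl's own default is.
(umask 077; openssl genrsa -out oidc.key 4096)
openssl rsa -pubout -in oidc.key -out oidc_pub.key

# $(...) replaces backticks (same expansion, reads and nests cleanly).
# The CLI takes values as arguments, so the private key is briefly visible
# in the process list and ends up in shell history if typed interactively.
# oidcServiceKeyIdSig is the JWKS "kid"; any identifier string works.
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
  set \
      oidcServicePrivateKeySig "$(cat oidc.key)" \
      oidcServicePublicKeySig "$(cat oidc_pub.key)" \
      oidcServiceKeyIdSig "randomstring"

service apache2 restart
# Discovery document should now list the issuer, endpoints and jwks_uri.
curl http://auth.example.com/.well-known/openid-configuration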
Copyright (C) 2025 Sylvain Beucler