Connect to the Purdue Home Page

Purdue University

Identity and Access Management

Apache Web Server with the I2A2::Access Module

To use the I2A2::Access Module you must have an Apache Web Server built with mod_ssl and mod_perl.

If you're familiar with building an Apache Web Server, you need to build Apache with the mod_ssl and mod_perl extensions.

If you're not familiar with building an Apache Web Server, the "Apache" package (below) will do most (if not all) of the work. Building the Apache Server also requires having OpenSSL, so the "OpenSSL" package may also be useful.

If you want to install the I2A2 Apache package on Linux, you might want to consult notes on doing that, provided by Michael Witt of the Purdue Libraries.

I2A2:Access Module

You'll also need the following Perl modules. These are included in the "modules" package (below).

And, finally, the I2A2 package (see below).

Packages

The following packages have been put together to help in building the Apache Server:

Fetch the packages you need and extract each of them into the same directory. Then, "cd" into I2A2_build (the packages all share this top level directory) and run ./Config. Config will ask where OpenSSL and Apache are installed (or should be installed) and generate an appropriate Makefile for each package you extracted.

Then "cd" into each directory and run "make" and "make install"

Setting up the I2A2::Access Module

Once you have an Apache Server with mod_perl and mod_ssl installed. . .

To accept Purdue Certificates, you must have a copy of the Purdue CA public key certificate installed in the CA bundle for Apache (normally conf/ssl.crt/ca-bundle.crt). If you used the 1.3.27 package to build Apache, or used the mod_ssl-2.8.12-1.3.27 patch the certificate should already be installed.

You also need to have a certificate for your Apache SSL server. You can generate a self-signed certificate by returning to the Apache sources and running "make certificate". Then copy the cerficate (and key) from conf/ssl.crt/server.crt (conf/ssl.key/server.key) in the source tree to conf/ssl.crt/server.crt (conf/ssl.key/server.key) in the Apache installation.

Ports - The following services need to be available in /etc/services (or /etc/inet/services):

              authc		1561/tcp	# CC - I2A2 authenticator, text access
              authcs		1562/tcp	# CC - I2A2 authenticator, SSL access
              authz		1563/tcp	# CC - I2A2 authorizer, text access
              authzs		1564/tcp	# CC - I2A2 authorizer, SSL access
              refl		1565/tcp	# CC - I2A2 reflector, text access
              refls		1566/tcp	# CC - I2A2 reflector, SSL access
            

In the Apache configuration file, httpd.conf, you need to set up the variables TicketLoginURL and TicketSecret, describe the desired permissions for directories you wish to protect, and set up the login pages in the SSL Server. Here is more information on setting up the configuration.

The I2A2::Access related Apache configuration directives are described in I2A2::Access Apache documentation.

Feedback | Contact Purdue
Maintained by: IAMO Team

Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact the CSC at itap@purdue.edu or (765) 494-4000.