IMPORTANT: This guide assumes that you are installing all the components of the Identity Solution in the same system, and that you try it out from the same system (i.e., we assume that everything is done within the localhost).
This sample demonstrate how the relying party Apache2 module (mod_cspace) can be used to enable CardSpace authentication on a PHP web application.
Requirements:
keys
directory contains three PEM encoded files: server.key
, server.crt
, and cacert.crt
which are respectively the server private key, server certificate (public key), and certificate authority's certificate.
Your configuration of keys in httpd.conf
should look like the following:
SSLCertificateFile /usr/local/apache2/conf/keys/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/keys/server.key SSLCACertificateFile /usr/local/apache2/conf/keys/cacert.crt
mod_cspace.so
file provided with the distribution to the modules directory of your apache installation. (usually /usr/lib/apache2/modules/)
Copy php-sample
directory to the document root of your Apache2 installation.
Set the environment variable WSFC_HOME
to point to the wsf-c
directory inside the package extracted (i.e., the package which contained this sample).
Set the environment variable LD_LIBRARY_PATH
to include the wsf-c/lib
directory as well.
For instance if your current working directory is where you have extracted the identity solution package:
% export WSFC_HOME = `pwd`/wsfc-id % export LD_LIBRARY_PATH = ${WSFC_HOME}/lib
httpd.conf
)Following configuration should be done in your httpd.conf
file of the Apache 2 installation. Assuming that you have copied the php-sample
to the document root of your Apache2 installation, the configuration in your httpd.conf
should be as follows:
LoadModule cspace_module modules/mod_cspace.so <Location /php-sample/> UseCardSpaceAuth CardSpaceTVS http://localhost:12080/wsas/services/RelyingPartyService </Location>IMPORTANT:
SSLCertificateKeyFile
directive should be already in the httpd.conf
file.cacert.crt
certificate in your certificate stores so that the web app will be trusted by the identity-selector.