From: Graham Leggett Date: Tue, 25 Apr 2023 17:52:58 +0000 (+0000) Subject: Regenerate docs. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=409508c6dbd16d84a06b89c2a884644266888c89;p=thirdparty%2Fapache%2Fhttpd.git Regenerate docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909412 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/developer/new_api_2_6.html.en.utf8 b/docs/manual/developer/new_api_2_6.html.en.utf8 index e9efb390f89..ad3c6146804 100644 --- a/docs/manual/developer/new_api_2_6.html.en.utf8 +++ b/docs/manual/developer/new_api_2_6.html.en.utf8 @@ -62,6 +62,22 @@

Introduces a new API to fill me in.

+

http_request (changed)

+ + + + +

mod_auth (changed)

+ +

Adds an additional provider framework for autht - token authentication.

+ +
top

Specific information on upgrading modules from 2.4

diff --git a/docs/manual/mod/allmodules.xml b/docs/manual/mod/allmodules.xml index fb0599b4f83..0a9d8b752bd 100644 --- a/docs/manual/mod/allmodules.xml +++ b/docs/manual/mod/allmodules.xml @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml mod_auth_basic.xml + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/allmodules.xml.de b/docs/manual/mod/allmodules.xml.de index 88b0200fc21..a006ef32e6f 100644 --- a/docs/manual/mod/allmodules.xml.de +++ b/docs/manual/mod/allmodules.xml.de @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml mod_auth_basic.xml + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/allmodules.xml.es b/docs/manual/mod/allmodules.xml.es index 162959f4f97..adbf12bc0cb 100644 --- a/docs/manual/mod/allmodules.xml.es +++ b/docs/manual/mod/allmodules.xml.es @@ -10,6 +10,7 @@ mod_allowmethods.xml.es mod_asis.xml.es mod_auth_basic.xml.es + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/allmodules.xml.fr b/docs/manual/mod/allmodules.xml.fr index eec64c1307e..96eb4eec3fb 100644 --- a/docs/manual/mod/allmodules.xml.fr +++ b/docs/manual/mod/allmodules.xml.fr @@ -10,6 +10,7 @@ mod_allowmethods.xml.fr mod_asis.xml.fr mod_auth_basic.xml.fr + mod_auth_bearer.xml mod_auth_digest.xml.fr mod_auth_form.xml.fr mod_authn_anon.xml.fr @@ -20,6 +21,8 @@ mod_authn_socache.xml.fr mod_authnz_fcgi.xml.fr mod_authnz_ldap.xml.fr + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml.fr mod_authz_dbd.xml.fr mod_authz_dbm.xml.fr diff --git a/docs/manual/mod/allmodules.xml.ja b/docs/manual/mod/allmodules.xml.ja index 0bf76503fe8..41e672e09f3 100644 --- a/docs/manual/mod/allmodules.xml.ja +++ b/docs/manual/mod/allmodules.xml.ja @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml.ja mod_auth_basic.xml.ja + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml.ja @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/allmodules.xml.ko b/docs/manual/mod/allmodules.xml.ko index 56518322f4e..e48a33dcd65 100644 --- a/docs/manual/mod/allmodules.xml.ko +++ b/docs/manual/mod/allmodules.xml.ko @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml.ko mod_auth_basic.xml.ko + mod_auth_bearer.xml mod_auth_digest.xml.ko mod_auth_form.xml mod_authn_anon.xml.ko @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml.ko diff --git a/docs/manual/mod/allmodules.xml.tr b/docs/manual/mod/allmodules.xml.tr index 73964e6954f..803b9453615 100644 --- a/docs/manual/mod/allmodules.xml.tr +++ b/docs/manual/mod/allmodules.xml.tr @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml mod_auth_basic.xml + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/allmodules.xml.zh-cn b/docs/manual/mod/allmodules.xml.zh-cn index fb0599b4f83..0a9d8b752bd 100644 --- a/docs/manual/mod/allmodules.xml.zh-cn +++ b/docs/manual/mod/allmodules.xml.zh-cn @@ -10,6 +10,7 @@ mod_allowmethods.xml mod_asis.xml mod_auth_basic.xml + mod_auth_bearer.xml mod_auth_digest.xml mod_auth_form.xml mod_authn_anon.xml @@ -20,6 +21,8 @@ mod_authn_socache.xml mod_authnz_fcgi.xml mod_authnz_ldap.xml + mod_autht_core.xml + mod_autht_jwt.xml mod_authz_core.xml mod_authz_dbd.xml mod_authz_dbm.xml diff --git a/docs/manual/mod/directives.html.en.utf8 b/docs/manual/mod/directives.html.en.utf8 index 27ef9fca4d5..04022ee4163 100644 --- a/docs/manual/mod/directives.html.en.utf8 +++ b/docs/manual/mod/directives.html.en.utf8 @@ -91,6 +91,9 @@
  • AuthBasicFake
  • AuthBasicProvider
  • AuthBasicUseDigestAlgorithm
    • +
  • AuthBearerAuthoritative
    • +
  • AuthBearerProvider
    • +
  • AuthBearerProxy
  • AuthDBDUserPWQuery
  • AuthDBDUserRealmQuery
  • AuthDBMGroupFile
    • @@ -149,6 +152,11 @@
  • <AuthnProviderAlias>
  • AuthnzFcgiCheckAuthnProvider
  • AuthnzFcgiDefineProvider
    • +
  • AuthtJwtClaim
    • +
  • AuthtJwtDriver
    • +
  • AuthtJwtSign
    • +
  • AuthtJwtVerify
    • +
  • <AuthtProviderAlias>
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/index.html.en.utf8 b/docs/manual/mod/index.html.en.utf8 index 6839615d651..e662100088f 100644 --- a/docs/manual/mod/index.html.en.utf8 +++ b/docs/manual/mod/index.html.en.utf8 @@ -80,6 +80,7 @@ address)
    mod_asis
    Sends files that contain their own HTTP headers
    mod_auth_basic
    Basic HTTP authentication
    +
    mod_auth_bearer
    Bearer HTTP authentication
    mod_auth_digest
    User authentication using MD5 Digest Authentication
    mod_auth_form
    Form authentication
    @@ -95,6 +96,8 @@ the load on backends httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    +
    mod_autht_core
    Core Token Handling
    +
    mod_autht_jwt
    Token authentication using JWT tokens
    mod_authz_core
    Core Authorization
    mod_authz_dbd
    Group Authorization and Login using SQL
    mod_authz_dbm
    Group authorization using DBM files
    diff --git a/docs/manual/mod/mod_auth_bearer.html b/docs/manual/mod/mod_auth_bearer.html new file mode 100644 index 00000000000..ea07223e332 --- /dev/null +++ b/docs/manual/mod/mod_auth_bearer.html @@ -0,0 +1,5 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: mod_auth_bearer.html.en.utf8 +Content-Language: en +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/mod/mod_auth_bearer.html.en.utf8 b/docs/manual/mod/mod_auth_bearer.html.en.utf8 new file mode 100644 index 00000000000..94d2e415e6e --- /dev/null +++ b/docs/manual/mod/mod_auth_bearer.html.en.utf8 @@ -0,0 +1,189 @@ + + + + + +mod_auth_bearer - Apache HTTP Server Version 2.5 + + + + + + + +
    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.5

    +
    +
    <-
    + +
    +

    Apache Module mod_auth_bearer

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Bearer HTTP authentication
    Status:Base
    Module Identifier:auth_bearer_module
    Source File:mod_auth_bearer.c
    +

    Summary

    + +

    This module allows the use of HTTP Bearer Authentication to + restrict access by passing the bearer token to the given providers. + This module should be combined with at least one token module + such as mod_autht_jwt and one authorization + module such as mod_authz_user.

    +
    + + +
    top
    +

    AuthBearerAuthoritative Directive

    + + + + + + + + +
    Description:Sets whether token verification is passed to lower level +modules
    Syntax:AuthBearerAuthoritative On|Off
    Default:AuthBearerAuthoritative On
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_auth_bearer
    +

    Normally, each token verification module listed in AuthBearerProvider will attempt + to verify the token, and if the token is not found to be valid, + access will be denied. Setting the + AuthBearerAuthoritative directive explicitly + to Off allows for token verification to be passed on to + other non-provider-based modules if the token is not recognised. + This should only be necessary when combining + mod_auth_bearer with third-party modules that are not + configured with the + AuthBearerProvider + directive. When using such modules, the order of processing + is determined in the modules' source code and is not configurable.

    + +
    +
    top
    +

    AuthBearerProvider Directive

    + + + + + + + + +
    Description:Sets the authentication provider(s) for this location
    Syntax:AuthBearerProvider provider-name +[provider-name] ...
    Default:AuthBearerProvider file
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_auth_bearer
    +

    The AuthBearerProvider directive sets + which provider is used to verify tokens for this location. + The default jwt provider is implemented + by the mod_autht_jwt module. Make sure + that the chosen provider module is present in the server.

    +

    Example

    <Location "/secure">
+    AuthType bearer
+    AuthName "private area"
+    AuthBearerProvider jwt
+    AuthtJwtVerify hs256 file "/www/etc/jwt.secret"
+    Require            valid-user
+</Location>
    +
    +

    Providers are queried in order until a provider finds a match + for the requested token. This usually means that the token has been + correctly signed, or that the token has not expired.

    + +

    The first implemented provider is mod_autht_jwt.

    + +
    +
    top
    +

    AuthBearerProxy Directive

    + + + + + + + + + +
    Description:Pass a bearer authentication token over a proxy connection +generated using the given expression
    Syntax:AuthBearerProxy off|expression
    Default:none
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_auth_bearer
    Compatibility:Apache HTTP Server 2.5.1 and later
    +

    The expression specified is passed as a bearer token in the + Authorization header, which is passed to the server or service + behind the webserver. The expression is interpreted using the + expression parser, which allows the + token to be set based on request parameters.

    + +
    + The Authorization header added by this directive is not + input into any authentication or authorization within the local + server. It is designed to be passed along to upstream servers. +
    + +

    In this example, we pass a fixed token to a backend server.

    + +

    Fixed Example

    <Location "/demo">
+    AuthBearerProxy my-fixed-token
+</Location>
    +
    + +

    In this example, we pass the query string as the token to the + backend server.

    + +

    Query String Example

    <Location "/secure">
+    AuthBearerProxy "%{QUERY_STRING}"
+</Location>
    +
    + +

    Exclusion Example

    <Location "/public">
+    AuthBearerProxy off
+</Location>
    +
    + + +
    +
    +
    +

    Available Languages:  en 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_auth_bearer.xml.meta b/docs/manual/mod/mod_auth_bearer.xml.meta new file mode 100644 index 00000000000..62409d37bd6 --- /dev/null +++ b/docs/manual/mod/mod_auth_bearer.xml.meta @@ -0,0 +1,12 @@ + + + + + mod_auth_bearer + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/mod_autht_core.html b/docs/manual/mod/mod_autht_core.html new file mode 100644 index 00000000000..4b5c368ef1c --- /dev/null +++ b/docs/manual/mod/mod_autht_core.html @@ -0,0 +1,5 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: mod_autht_core.html.en.utf8 +Content-Language: en +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/mod/mod_autht_core.html.en b/docs/manual/mod/mod_autht_core.html.en new file mode 100644 index 00000000000..11afc8e71f4 --- /dev/null +++ b/docs/manual/mod/mod_autht_core.html.en @@ -0,0 +1,143 @@ + + + + + +mod_autht_core - Apache HTTP Server Version 2.5 + + + + + + + +
    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.5

    +
    +
    <-
    + +
    +

    Apache Module mod_autht_core

    +
    +

    Available Languages:  en 

    +
    + + + + +
    Description:Core Token Handling
    Status:Base
    Module Identifier:autht_core_module
    Source File:mod_autht_core.c
    Compatibility:Available in Apache 2.5 and later
    +

    Summary

    + +

    This module provides core token handling capabilities to + allow or deny access to portions of the web site. + mod_autht_core provides directives that are + common to all token providers.

    +
    + +
    top
    +
    +

    Creating Token Provider Aliases

    + +

    Extended token providers can be created within the configuration + file and assigned an alias name. The alias providers can then be + referenced through the + AuthBearerProvider + directive in the same way as a base token provider. Besides the + ability to create and alias an extended provider, it also allows + the same extended token provider to be reference by multiple + locations.

    + +

    Examples

    + +

    This example checks for JWT token signatures in two different + secret files.

    + +

    Checking multiple sources for JWT tokens

    # Check here first
+<AuthtProviderAlias jwt jwt1>
+    AuthtJwtVerify hs256 file "/www/conf/realm1.secret"
+</AuthtProviderAlias>
+
+# Then check here
+<AuthtProviderAlias jwt jwt2>
+    AuthtJwtVerify hs256 file "/www/conf/realm2.secret"
+</AuthtProviderAlias>
+
+<Directory "/var/web/pages/secure">
+    AuthBearerProvider jwt1 jwt2
+
+    AuthType Basic
+    AuthName "Protected Area"
+    Require valid-user
+</Directory>
    +
    + + + +
    +
    top
    +

    <AuthtProviderAlias> Directive

    + + + + + + +
    Description:Enclose a group of directives that represent an +extension of a base token provider and referenced by the specified +alias
    Syntax:<AuthtProviderAlias baseProvider Alias> +... </AuthtProviderAlias>
    Context:server config
    Status:Base
    Module:mod_autht_core
    +

    <AuthtProviderAlias> and + </AuthtProviderAlias> are used to enclose a group of + authentication directives that can be referenced by the alias name + using the + AuthBearerProvider.

    + +
    This directive has no affect on authentication or authorization, + even for modules that provide both authentication and authorization + in addition to token handling.
    + +
    +
    +
    +

    Available Languages:  en 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_autht_core.html.en.utf8 b/docs/manual/mod/mod_autht_core.html.en.utf8 new file mode 100644 index 00000000000..1407c85ad03 --- /dev/null +++ b/docs/manual/mod/mod_autht_core.html.en.utf8 @@ -0,0 +1,143 @@ + + + + + +mod_autht_core - Apache HTTP Server Version 2.5 + + + + + + + +
    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.5

    +
    +
    <-
    + +
    +

    Apache Module mod_autht_core

    +
    +

    Available Languages:  en 

    +
    + + + + +
    Description:Core Token Handling
    Status:Base
    Module Identifier:autht_core_module
    Source File:mod_autht_core.c
    Compatibility:Available in Apache 2.5 and later
    +

    Summary

    + +

    This module provides core token handling capabilities to + allow or deny access to portions of the web site. + mod_autht_core provides directives that are + common to all token providers.

    +
    + +
    top
    +
    +

    Creating Token Provider Aliases

    + +

    Extended token providers can be created within the configuration + file and assigned an alias name. The alias providers can then be + referenced through the + AuthBearerProvider + directive in the same way as a base token provider. Besides the + ability to create and alias an extended provider, it also allows + the same extended token provider to be reference by multiple + locations.

    + +

    Examples

    + +

    This example checks for JWT token signatures in two different + secret files.

    + +

    Checking multiple sources for JWT tokens

    # Check here first
+<AuthtProviderAlias jwt jwt1>
+    AuthtJwtVerify hs256 file "/www/conf/realm1.secret"
+</AuthtProviderAlias>
+
+# Then check here
+<AuthtProviderAlias jwt jwt2>
+    AuthtJwtVerify hs256 file "/www/conf/realm2.secret"
+</AuthtProviderAlias>
+
+<Directory "/var/web/pages/secure">
+    AuthBearerProvider jwt1 jwt2
+
+    AuthType Basic
+    AuthName "Protected Area"
+    Require valid-user
+</Directory>
    +
    + + + +
    +
    top
    +

    <AuthtProviderAlias> Directive

    + + + + + + +
    Description:Enclose a group of directives that represent an +extension of a base token provider and referenced by the specified +alias
    Syntax:<AuthtProviderAlias baseProvider Alias> +... </AuthtProviderAlias>
    Context:server config
    Status:Base
    Module:mod_autht_core
    +

    <AuthtProviderAlias> and + </AuthtProviderAlias> are used to enclose a group of + authentication directives that can be referenced by the alias name + using the + AuthBearerProvider.

    + +
    This directive has no affect on authentication or authorization, + even for modules that provide both authentication and authorization + in addition to token handling.
    + +
    +
    +
    +

    Available Languages:  en 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_autht_core.xml.meta b/docs/manual/mod/mod_autht_core.xml.meta new file mode 100644 index 00000000000..ace04e45004 --- /dev/null +++ b/docs/manual/mod/mod_autht_core.xml.meta @@ -0,0 +1,12 @@ + + + + + mod_autht_core + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/mod_autht_jwt.html b/docs/manual/mod/mod_autht_jwt.html new file mode 100644 index 00000000000..89d70e2780f --- /dev/null +++ b/docs/manual/mod/mod_autht_jwt.html @@ -0,0 +1,5 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: mod_autht_jwt.html.en.utf8 +Content-Language: en +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/mod/mod_autht_jwt.html.en.utf8 b/docs/manual/mod/mod_autht_jwt.html.en.utf8 new file mode 100644 index 00000000000..4df50ae85d4 --- /dev/null +++ b/docs/manual/mod/mod_autht_jwt.html.en.utf8 @@ -0,0 +1,240 @@ + + + + + +mod_autht_jwt - Apache HTTP Server Version 2.5 + + + + + + + +
    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.5

    +
    +
    <-
    + +
    +

    Apache Module mod_autht_jwt

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Token authentication using JWT tokens
    Status:Base
    Module Identifier:autht_jwt_module
    Source File:mod_autht_jwt.c
    +

    Summary

    + +

    This module provides token parsing front-ends such as + mod_auth_bearer the ability to authenticate users + by verifying a JWT token as described in + RFC 7519.

    + +

    A JWT token is read from the Authorization header + with an auth-scheme of Bearer.

    + +

    When using mod_auth_bearer this module is invoked + via the + AuthBearerProvider + with the jwt value.

    + +

    This module can also be used standalone to generate JWT tokens + for passing to a backend server or service. Claims are embedded within + a token, which is then optionally signed, and passed using the + Authorization header as a Bearer token.

    +
    + + +
    top
    +

    AuthtJwtClaim Directive

    + + + + + + + +
    Description:Set a claim with the given name and expression, or unset the claim with the given name
    Syntax:AuthtJwtVerify [set|unset] name [value]
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_autht_jwt
    +

    The AuthtJwtClaim directive adds and/or removes + claims from token being passed to the backend server or service.

    + +

    When a claim is set, the value of the claim is the result of an expression. The + expression may include parameters from a digital certificate, or the name of the + user that has been authenticated to Apache httpd.

    + +

    Pass Remote User Example

    <Location "/secure">
+  AuthtJwtClaim set sub %{REMOTE_USER}
+  AuthtJwtSign hs256 file "/www/conf/jwt.secret"
+</Location>
    +
    + +

    When a claim is unset, the claim previously set is removed from the token.

    + +

    Unset Claim Example

    AuthtJwtClaim set my-claim present
+<Location "/secure">
+  AuthtJwtClaim set sub %{REMOTE_USER}
+  AuthtJwtClaim unset my-claim
+  AuthtJwtSign hs256 file "/www/conf/jwt.secret"
+</Location>
    +
    + + +
    +
    top
    +

    AuthtJwtDriver Directive

    + + + + + + +
    Description:Sets the name of the underlying crypto driver to +use
    Syntax:AuthtJwtDriver name [param[=value]]
    Context:server config, virtual host
    Status:Base
    Module:mod_autht_jwt
    +

    The AuthtJwtDriver directive specifies the name of + the crypto driver to be used for signing and verification. If not specified, + the driver defaults to the recommended driver compiled into APR-util.

    + +

    Follow the instructions in the + SessionCryptoDriver to + set up the driver.

    + +
    +
    top
    +

    AuthtJwtSign Directive

    + + + + + + + +
    Description:The JWS signing algorithm and passphrase/key to sign an outgoing +JWT token
    Syntax:AuthtJwtSign algorithm [type param]
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_autht_jwt
    +

    The AuthtJwtSign directive specifies the algorithm + and secret used to sign outgoing bearer tokens passed to a server or service.

    + +

    If the algorithm type none is selected, the token is not + protected. Use only when the client is trusted, and the channel is protected + through other means, such as mutually authenticated TLS, or unix domain sockets.

    + +

    Set the claims to be sent in the token using the + AuthtJwtClaim directive. The + sub claim is used to pass the remote user.

    + +

    No Verification Example

    <Location "/mutual-tls-secured">
+  AuthtJwtClaim set sub %{REMOTE_USER}
+  AuthtJwtSign none
+</Location>
    +
    + +

    If the algorithm type HS256 is used, the algorithm is set to + HMAC-SHA256, and the secret is set within the file specified + as the third parameter. The contents of the bearer token is still visible, and so + the channel must still be protected from evesdropping through TLS.

    + +

    Verification Example

    <Location "/secure">
+  AuthtJwtClaim set sub %{REMOTE_USER}
+  AuthtJwtSign hs256 file "/www/conf/jwt.secret"
+</Location>
    +
    + + +
    +
    top
    +

    AuthtJwtVerify Directive

    + + + + + + + +
    Description:The JWS signing algorithm and passphrase/key to verify an incoming +JWT token
    Syntax:AuthtJwtVerify algorithm [type param]
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_autht_jwt
    +

    The AuthtJwtVerify directive specifies the algorithm + and secret used to verify incoming bearer tokens.

    + +

    If the algorithm type none is selected, the token is not + protected, and will be accepted as is. Use only when the client is trusted, and the + channel is protected through other means, such as mutually authenticated TLS, or + unix domain sockets.

    + +

    If present, the sub claim is assigned to REMOTE_USER.

    + +

    No Verification Example

    <Location "/mutual-tls-secured">
+  AuthType bearer
+  AuthName example-name
+  AuthBearerProvider jwt
+  AuthtJwtVerify none
+  Require valid-user
+</Location>
    +
    + +

    If the algorithm type HS256 is used, the algorithm is set to + HMAC-SHA256, and the secret is set within the file specified + as the third parameter. The contents of the bearer token is still visible, and so + the channel must still be protected from evesdropping through TLS.

    + +

    If the signature is verified, and if present, the sub claim is + assigned to REMOTE_USER.

    + +

    Verification Example

    <Location "/secure">
+  AuthType bearer
+  AuthName example-name
+  AuthBearerProvider jwt
+  AuthtJwtVerify hs256 file "/www/conf/jwt.secret"
+  Require valid-user
+</Location>
    +
    + + +
    +
    +
    +

    Available Languages:  en 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_autht_jwt.xml.meta b/docs/manual/mod/mod_autht_jwt.xml.meta new file mode 100644 index 00000000000..93004730062 --- /dev/null +++ b/docs/manual/mod/mod_autht_jwt.xml.meta @@ -0,0 +1,12 @@ + + + + + mod_autht_jwt + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/overrides.html.en.utf8 b/docs/manual/mod/overrides.html.en.utf8 index abcb863e5c6..7ed258356c9 100644 --- a/docs/manual/mod/overrides.html.en.utf8 +++ b/docs/manual/mod/overrides.html.en.utf8 @@ -259,120 +259,136 @@ username and password Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. -AuthDBMGroupFilemod_authz_dbm -Sets the name of the database file containing the list +AuthBearerAuthoritativemod_auth_bearer +Sets whether token verification is passed to lower level +modules +AuthBearerProvidermod_auth_bearer +Sets the authentication provider(s) for this location +AuthBearerProxymod_auth_bearer +Pass a bearer authentication token over a proxy connection +generated using the given expression +AuthDBMGroupFilemod_authz_dbm +Sets the name of the database file containing the list of user groups for authorization -AuthDBMTypemod_authn_dbm -Sets the type of database file that is used to +AuthDBMTypemod_authn_dbm +Sets the type of database file that is used to store passwords -AuthDBMUserFilemod_authn_dbm -Sets the name of a database file containing the list of users and +AuthDBMUserFilemod_authn_dbm +Sets the name of a database file containing the list of users and passwords for authentication -AuthDigestAlgorithmmod_auth_digest -Selects the algorithm used to calculate the challenge and +AuthDigestAlgorithmmod_auth_digest +Selects the algorithm used to calculate the challenge and response hashes in digest authentication -AuthDigestDomainmod_auth_digest -URIs that are in the same protection space for digest +AuthDigestDomainmod_auth_digest +URIs that are in the same protection space for digest authentication -AuthDigestNonceFormatmod_auth_digest -Determines how the nonce is generated -AuthDigestNonceLifetimemod_auth_digest -How long the server nonce is valid -AuthDigestProvidermod_auth_digest -Sets the authentication provider(s) for this location -AuthDigestQopmod_auth_digest -Determines the quality-of-protection to use in digest +AuthDigestNonceFormatmod_auth_digest +Determines how the nonce is generated +AuthDigestNonceLifetimemod_auth_digest +How long the server nonce is valid +AuthDigestProvidermod_auth_digest +Sets the authentication provider(s) for this location +AuthDigestQopmod_auth_digest +Determines the quality-of-protection to use in digest authentication -AuthFormAuthoritativemod_auth_form -Sets whether authorization and authentication are passed to +AuthFormAuthoritativemod_auth_form +Sets whether authorization and authentication are passed to lower level modules -AuthFormBodymod_auth_form -The name of a form field carrying the body of the request to attempt on successful login -AuthFormDisableNoStoremod_auth_form -Disable the CacheControl no-store header on the login page -AuthFormFakeBasicAuthmod_auth_form -Fake a Basic Authentication header -AuthFormLocationmod_auth_form -The name of a form field carrying a URL to redirect to on successful login -AuthFormLoginRequiredLocationmod_auth_form -The URL of the page to be redirected to should login be required -AuthFormLoginSuccessLocationmod_auth_form -The URL of the page to be redirected to should login be successful -AuthFormLogoutLocationmod_auth_form -The URL to redirect to after a user has logged out -AuthFormMethodmod_auth_form -The name of a form field carrying the method of the request to attempt on successful login -AuthFormMimetypemod_auth_form -The name of a form field carrying the mimetype of the body of the request to attempt on successful login -AuthFormPasswordmod_auth_form -The name of a form field carrying the login password -AuthFormProvidermod_auth_form -Sets the authentication provider(s) for this location -AuthFormSitePassphrasemod_auth_form -Bypass authentication checks for high traffic sites -AuthFormUsernamemod_auth_form -The name of a form field carrying the login username -AuthGroupFilemod_authz_groupfile -Sets the name of a text file containing the list +AuthFormBodymod_auth_form +The name of a form field carrying the body of the request to attempt on successful login +AuthFormDisableNoStoremod_auth_form +Disable the CacheControl no-store header on the login page +AuthFormFakeBasicAuthmod_auth_form +Fake a Basic Authentication header +AuthFormLocationmod_auth_form +The name of a form field carrying a URL to redirect to on successful login +AuthFormLoginRequiredLocationmod_auth_form +The URL of the page to be redirected to should login be required +AuthFormLoginSuccessLocationmod_auth_form +The URL of the page to be redirected to should login be successful +AuthFormLogoutLocationmod_auth_form +The URL to redirect to after a user has logged out +AuthFormMethodmod_auth_form +The name of a form field carrying the method of the request to attempt on successful login +AuthFormMimetypemod_auth_form +The name of a form field carrying the mimetype of the body of the request to attempt on successful login +AuthFormPasswordmod_auth_form +The name of a form field carrying the login password +AuthFormProvidermod_auth_form +Sets the authentication provider(s) for this location +AuthFormSitePassphrasemod_auth_form +Bypass authentication checks for high traffic sites +AuthFormUsernamemod_auth_form +The name of a form field carrying the login username +AuthGroupFilemod_authz_groupfile +Sets the name of a text file containing the list of user groups for authorization -AuthLDAPAuthorizePrefixmod_authnz_ldap -Specifies the prefix for environment variables set during +AuthLDAPAuthorizePrefixmod_authnz_ldap +Specifies the prefix for environment variables set during authorization -AuthLDAPBindAuthoritativemod_authnz_ldap -Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. -AuthLDAPBindDNmod_authnz_ldap -Optional DN to use in binding to the LDAP server -AuthLDAPBindPasswordmod_authnz_ldap -Password used in conjunction with the bind DN -AuthLDAPCompareAsUsermod_authnz_ldap -Use the authenticated user's credentials to perform authorization comparisons -AuthLDAPCompareDNOnServermod_authnz_ldap -Use the LDAP server to compare the DNs -AuthLDAPDereferenceAliasesmod_authnz_ldap -When will the module de-reference aliases -AuthLDAPGroupAttributemod_authnz_ldap -LDAP attributes used to identify the user members of +AuthLDAPBindAuthoritativemod_authnz_ldap +Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. +AuthLDAPBindDNmod_authnz_ldap +Optional DN to use in binding to the LDAP server +AuthLDAPBindPasswordmod_authnz_ldap +Password used in conjunction with the bind DN +AuthLDAPCompareAsUsermod_authnz_ldap +Use the authenticated user's credentials to perform authorization comparisons +AuthLDAPCompareDNOnServermod_authnz_ldap +Use the LDAP server to compare the DNs +AuthLDAPDereferenceAliasesmod_authnz_ldap +When will the module de-reference aliases +AuthLDAPGroupAttributemod_authnz_ldap +LDAP attributes used to identify the user members of groups. -AuthLDAPGroupAttributeIsDNmod_authnz_ldap -Use the DN of the client username when checking for +AuthLDAPGroupAttributeIsDNmod_authnz_ldap +Use the DN of the client username when checking for group membership -AuthLDAPInitialBindAsUsermod_authnz_ldap -Determines if the server does the initial DN lookup using the basic authentication users' +AuthLDAPInitialBindAsUsermod_authnz_ldap +Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server -AuthLDAPInitialBindPatternmod_authnz_ldap -Specifies the transformation of the basic authentication username to be used when binding to the LDAP server +AuthLDAPInitialBindPatternmod_authnz_ldap +Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup -AuthLDAPMaxSubGroupDepthmod_authnz_ldap -Specifies the maximum sub-group nesting depth that will be +AuthLDAPMaxSubGroupDepthmod_authnz_ldap +Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. -AuthLDAPRemoteUserAttributemod_authnz_ldap -Use the value of the attribute returned during the user +AuthLDAPRemoteUserAttributemod_authnz_ldap +Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable -AuthLDAPRemoteUserIsDNmod_authnz_ldap -Use the DN of the client username to set the REMOTE_USER +AuthLDAPRemoteUserIsDNmod_authnz_ldap +Use the DN of the client username to set the REMOTE_USER environment variable -AuthLDAPSearchAsUsermod_authnz_ldap -Use the authenticated user's credentials to perform authorization searches -AuthLDAPSubGroupAttributemod_authnz_ldap -Specifies the attribute labels, one value per +AuthLDAPSearchAsUsermod_authnz_ldap +Use the authenticated user's credentials to perform authorization searches +AuthLDAPSubGroupAttributemod_authnz_ldap +Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. -AuthLDAPSubGroupClassmod_authnz_ldap -Specifies which LDAP objectClass values identify directory +AuthLDAPSubGroupClassmod_authnz_ldap +Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. -AuthLDAPURLmod_authnz_ldap -URL specifying the LDAP search parameters -AuthMergingmod_authz_core -Controls the manner in which each configuration section's +AuthLDAPURLmod_authnz_ldap +URL specifying the LDAP search parameters +AuthMergingmod_authz_core +Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. -AuthNamemod_authn_core -Authorization realm for use in HTTP +AuthNamemod_authn_core +Authorization realm for use in HTTP authentication -AuthnCacheProvideFormod_authn_socache -Specify which authn provider(s) to cache for -AuthnCacheTimeoutmod_authn_socache -Set a timeout for cache entries +AuthnCacheProvideFormod_authn_socache +Specify which authn provider(s) to cache for +AuthnCacheTimeoutmod_authn_socache +Set a timeout for cache entries +AuthtJwtClaimmod_autht_jwt +Set a claim with the given name and expression, or unset the claim with the given name +AuthtJwtSignmod_autht_jwt +The JWS signing algorithm and passphrase/key to sign an outgoing +JWT token +AuthtJwtVerifymod_autht_jwt +The JWS signing algorithm and passphrase/key to verify an incoming +JWT token AuthTypemod_authn_core Type of user authentication AuthUserFilemod_authn_file diff --git a/docs/manual/mod/quickreference.html.en.utf8 b/docs/manual/mod/quickreference.html.en.utf8 index 67c3d55a985..02763b41967 100644 --- a/docs/manual/mod/quickreference.html.en.utf8 +++ b/docs/manual/mod/quickreference.html.en.utf8 @@ -158,98 +158,115 @@ username and password AuthBasicUseDigestAlgorithm MD5|Off Off dhBCheck passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. -AuthDBDUserPWQuery querydESQL query to look up a password for a user -AuthDBDUserRealmQuery querydESQL query to look up a password hash for a user and realm. +AuthBearerAuthoritative On|Off On dhBSets whether token verification is passed to lower level +modules +AuthBearerProvider provider-name +[provider-name] ... file dhBSets the authentication provider(s) for this location +AuthBearerProxy off|expressiondhBPass a bearer authentication token over a proxy connection +generated using the given expression +AuthDBDUserPWQuery querydESQL query to look up a password for a user +AuthDBDUserRealmQuery querydESQL query to look up a password hash for a user and realm. -AuthDBMGroupFile file-pathdhESets the name of the database file containing the list +AuthDBMGroupFile file-pathdhESets the name of the database file containing the list of user groups for authorization -AuthDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to +AuthDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to store passwords -AuthDBMUserFile file-pathdhESets the name of a database file containing the list of users and +AuthDBMUserFile file-pathdhESets the name of a database file containing the list of users and passwords for authentication -AuthDigestAlgorithm MD5|MD5-sess MD5 dhESelects the algorithm used to calculate the challenge and +AuthDigestAlgorithm MD5|MD5-sess MD5 dhESelects the algorithm used to calculate the challenge and response hashes in digest authentication -AuthDigestDomain URI [URI] ...dhEURIs that are in the same protection space for digest +AuthDigestDomain URI [URI] ...dhEURIs that are in the same protection space for digest authentication -AuthDigestNcCheck On|Off Off sEEnables or disables checking of the nonce-count sent by the +AuthDigestNcCheck On|Off Off sEEnables or disables checking of the nonce-count sent by the server -AuthDigestNonceFormat formatdhEDetermines how the nonce is generated -AuthDigestNonceLifetime seconds 300 dhEHow long the server nonce is valid -AuthDigestProvider provider-name -[provider-name] ... file dhESets the authentication provider(s) for this location -AuthDigestQop none|auth|auth-int [auth|auth-int] auth dhEDetermines the quality-of-protection to use in digest +AuthDigestNonceFormat formatdhEDetermines how the nonce is generated +AuthDigestNonceLifetime seconds 300 dhEHow long the server nonce is valid +AuthDigestProvider provider-name +[provider-name] ... file dhESets the authentication provider(s) for this location +AuthDigestQop none|auth|auth-int [auth|auth-int] auth dhEDetermines the quality-of-protection to use in digest authentication -AuthDigestShmemSize size 1000 sEThe amount of shared memory to allocate for keeping track +AuthDigestShmemSize size 1000 sEThe amount of shared memory to allocate for keeping track of clients -AuthFormAuthoritative On|Off On dhBSets whether authorization and authentication are passed to +AuthFormAuthoritative On|Off On dhBSets whether authorization and authentication are passed to lower level modules -AuthFormBody fieldname httpd_body dBThe name of a form field carrying the body of the request to attempt on successful login -AuthFormDisableNoStore On|Off Off dBDisable the CacheControl no-store header on the login page -AuthFormFakeBasicAuth On|Off Off dBFake a Basic Authentication header -AuthFormLocation fieldname httpd_location dBThe name of a form field carrying a URL to redirect to on successful login -AuthFormLoginRequiredLocation urldBThe URL of the page to be redirected to should login be required -AuthFormLoginSuccessLocation urldBThe URL of the page to be redirected to should login be successful -AuthFormLogoutLocation uridBThe URL to redirect to after a user has logged out -AuthFormMethod fieldname httpd_method dBThe name of a form field carrying the method of the request to attempt on successful login -AuthFormMimetype fieldname httpd_mimetype dBThe name of a form field carrying the mimetype of the body of the request to attempt on successful login -AuthFormPassword fieldname httpd_password dBThe name of a form field carrying the login password -AuthFormProvider provider-name -[provider-name] ... file dhBSets the authentication provider(s) for this location -AuthFormSitePassphrase secretdBBypass authentication checks for high traffic sites -AuthFormSize size 8192 dBThe largest size of the form in bytes that will be parsed for the login details -AuthFormUsername fieldname httpd_username dBThe name of a form field carrying the login username -AuthGroupFile file-pathdhBSets the name of a text file containing the list +AuthFormBody fieldname httpd_body dBThe name of a form field carrying the body of the request to attempt on successful login +AuthFormDisableNoStore On|Off Off dBDisable the CacheControl no-store header on the login page +AuthFormFakeBasicAuth On|Off Off dBFake a Basic Authentication header +AuthFormLocation fieldname httpd_location dBThe name of a form field carrying a URL to redirect to on successful login +AuthFormLoginRequiredLocation urldBThe URL of the page to be redirected to should login be required +AuthFormLoginSuccessLocation urldBThe URL of the page to be redirected to should login be successful +AuthFormLogoutLocation uridBThe URL to redirect to after a user has logged out +AuthFormMethod fieldname httpd_method dBThe name of a form field carrying the method of the request to attempt on successful login +AuthFormMimetype fieldname httpd_mimetype dBThe name of a form field carrying the mimetype of the body of the request to attempt on successful login +AuthFormPassword fieldname httpd_password dBThe name of a form field carrying the login password +AuthFormProvider provider-name +[provider-name] ... file dhBSets the authentication provider(s) for this location +AuthFormSitePassphrase secretdBBypass authentication checks for high traffic sites +AuthFormSize size 8192 dBThe largest size of the form in bytes that will be parsed for the login details +AuthFormUsername fieldname httpd_username dBThe name of a form field carrying the login username +AuthGroupFile file-pathdhBSets the name of a text file containing the list of user groups for authorization -AuthLDAPAuthorizePrefix prefix AUTHORIZE_ dhESpecifies the prefix for environment variables set during +AuthLDAPAuthorizePrefix prefix AUTHORIZE_ dhESpecifies the prefix for environment variables set during authorization -AuthLDAPBindAuthoritative off|on on dhEDetermines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. -AuthLDAPBindDN distinguished-namedhEOptional DN to use in binding to the LDAP server -AuthLDAPBindPassword passworddhEPassword used in conjunction with the bind DN -AuthLDAPCharsetConfig file-pathsELanguage to charset conversion configuration file -AuthLDAPCompareAsUser on|off off dhEUse the authenticated user's credentials to perform authorization comparisons -AuthLDAPCompareDNOnServer on|off on dhEUse the LDAP server to compare the DNs -AuthLDAPDereferenceAliases never|searching|finding|always always dhEWhen will the module de-reference aliases -AuthLDAPGroupAttribute attribute member uniqueMember +dhELDAP attributes used to identify the user members of +AuthLDAPBindAuthoritative off|on on dhEDetermines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. +AuthLDAPBindDN distinguished-namedhEOptional DN to use in binding to the LDAP server +AuthLDAPBindPassword passworddhEPassword used in conjunction with the bind DN +AuthLDAPCharsetConfig file-pathsELanguage to charset conversion configuration file +AuthLDAPCompareAsUser on|off off dhEUse the authenticated user's credentials to perform authorization comparisons +AuthLDAPCompareDNOnServer on|off on dhEUse the LDAP server to compare the DNs +AuthLDAPDereferenceAliases never|searching|finding|always always dhEWhen will the module de-reference aliases +AuthLDAPGroupAttribute attribute member uniqueMember +dhELDAP attributes used to identify the user members of groups. -AuthLDAPGroupAttributeIsDN on|off on dhEUse the DN of the client username when checking for +AuthLDAPGroupAttributeIsDN on|off on dhEUse the DN of the client username when checking for group membership -AuthLDAPInitialBindAsUser off|on off dhEDetermines if the server does the initial DN lookup using the basic authentication users' +AuthLDAPInitialBindAsUser off|on off dhEDetermines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server -AuthLDAPInitialBindPattern regex substitution (.*) $1 (remote use +dhESpecifies the transformation of the basic authentication username to be used when binding to the LDAP server +AuthLDAPInitialBindPattern regex substitution (.*) $1 (remote use +dhESpecifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup -AuthLDAPMaxSubGroupDepth Number 0 dhESpecifies the maximum sub-group nesting depth that will be +AuthLDAPMaxSubGroupDepth Number 0 dhESpecifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. -AuthLDAPRemoteUserAttribute uiddhEUse the value of the attribute returned during the user +AuthLDAPRemoteUserAttribute uiddhEUse the value of the attribute returned during the user query to set the REMOTE_USER environment variable -AuthLDAPRemoteUserIsDN on|off off dhEUse the DN of the client username to set the REMOTE_USER +AuthLDAPRemoteUserIsDN on|off off dhEUse the DN of the client username to set the REMOTE_USER environment variable -AuthLDAPSearchAsUser on|off off dhEUse the authenticated user's credentials to perform authorization searches -AuthLDAPSubGroupAttribute attribute member uniqueMember +dhESpecifies the attribute labels, one value per +AuthLDAPSearchAsUser on|off off dhEUse the authenticated user's credentials to perform authorization searches +AuthLDAPSubGroupAttribute attribute member uniqueMember +dhESpecifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. -AuthLDAPSubGroupClass LdapObjectClass groupOfNames groupO +dhESpecifies which LDAP objectClass values identify directory +AuthLDAPSubGroupClass LdapObjectClass groupOfNames groupO +dhESpecifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. -AuthLDAPURL url [NONE|SSL|TLS|STARTTLS]dhEURL specifying the LDAP search parameters -AuthMerging Off | And | Or Off dhBControls the manner in which each configuration section's +AuthLDAPURL url [NONE|SSL|TLS|STARTTLS]dhEURL specifying the LDAP search parameters +AuthMerging Off | And | Or Off dhBControls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. -AuthName auth-domaindhBAuthorization realm for use in HTTP +AuthName auth-domaindhBAuthorization realm for use in HTTP authentication -AuthnCacheContext directory|server|custom-string directory dBSpecify a context string for use in the cache key -AuthnCacheEnablesBEnable Authn caching configured anywhere -AuthnCacheProvideFor authn-provider [...]dhBSpecify which authn provider(s) to cache for -AuthnCacheSOCache provider-name[:provider-args]sBSelect socache backend provider to use -AuthnCacheTimeout timeout (seconds) 300 (5 minutes) dhBSet a timeout for cache entries -<AuthnProviderAlias baseProvider Alias> -... </AuthnProviderAlias>sBEnclose a group of directives that represent an +AuthnCacheContext directory|server|custom-string directory dBSpecify a context string for use in the cache key +AuthnCacheEnablesBEnable Authn caching configured anywhere +AuthnCacheProvideFor authn-provider [...]dhBSpecify which authn provider(s) to cache for +AuthnCacheSOCache provider-name[:provider-args]sBSelect socache backend provider to use +AuthnCacheTimeout timeout (seconds) 300 (5 minutes) dhBSet a timeout for cache entries +<AuthnProviderAlias baseProvider Alias> +... </AuthnProviderAlias>sBEnclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias -AuthnzFcgiCheckAuthnProvider provider-name|None -option ...dEEnables a FastCGI application to handle the check_authn +AuthnzFcgiCheckAuthnProvider provider-name|None +option ...dEEnables a FastCGI application to handle the check_authn authentication hook. -AuthnzFcgiDefineProvider type provider-name -backend-addresssEDefines a FastCGI application as a provider for +AuthnzFcgiDefineProvider type provider-name +backend-addresssEDefines a FastCGI application as a provider for authentication and/or authorization +AuthtJwtVerify [set|unset] name [value]dhBSet a claim with the given name and expression, or unset the claim with the given name +AuthtJwtDriver name [param[=value]]svBSets the name of the underlying crypto driver to +use +AuthtJwtSign algorithm [type param]dhBThe JWS signing algorithm and passphrase/key to sign an outgoing +JWT token +AuthtJwtVerify algorithm [type param]dhBThe JWS signing algorithm and passphrase/key to verify an incoming +JWT token +<AuthtProviderAlias baseProvider Alias> +... </AuthtProviderAlias>sBEnclose a group of directives that represent an +extension of a base token provider and referenced by the specified +alias AuthType None|Basic|Digest|FormdhBType of user authentication AuthUserFile file-pathdhBSets the name of a text file containing the list of users and passwords for authentication diff --git a/docs/manual/sitemap.html.en.utf8 b/docs/manual/sitemap.html.en.utf8 index 59004a5d21a..c234eeb4c5d 100644 --- a/docs/manual/sitemap.html.en.utf8 +++ b/docs/manual/sitemap.html.en.utf8 @@ -200,6 +200,7 @@ log_server_status
  • Apache Module mod_allowmethods
  • Apache Module mod_asis
  • Apache Module mod_auth_basic
    • +
  • Apache Module mod_auth_bearer
  • Apache Module mod_auth_digest
  • Apache Module mod_auth_form
  • Apache Module mod_authn_anon
    • @@ -210,6 +211,8 @@ log_server_status
  • Apache Module mod_authn_socache
  • Apache Module mod_authnz_fcgi
  • Apache Module mod_authnz_ldap
    • +
  • Apache Module mod_autht_core
    • +
  • Apache Module mod_autht_jwt
  • Apache Module mod_authz_core
  • Apache Module mod_authz_dbd
  • Apache Module mod_authz_dbm