Skip to content


Subversion checkout URL

You can clone with
Download ZIP
WebID authentication module for Apache 2
C Perl Shell
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


<h2>WebID FOAF+SSL authentication module for Apache 2</h2>

<p>The latest version of this module can be found at:</p>

<p>Visit the W3 ESW wiki for more information about FOAF+SSL:</p>


<p>Release versions of the following packages for your Linux

<li>Apache &gt;=2.2</li>

<p>Development versions of the following packages for your Linux

<li>Apache &gt;=2.2 (httpd-devel)</li>
<li>Redland &gt;=1.0.7 (redland-devel)</li>
<li>OpenSSL &gt;=0.9.8g (openssl-devel)</li>

<p>Use the following compilation and installation procedure:</p>

$ autoconf
$ ./configure
$ sudo make install

<p>The 'make install' command calls Apache's apxs utility to create and install
the mod_authn_webid DSO using default Apache module installation parameters.</p>

<h3>Configuration Directives</h3>

<dd>Set to 'Off' to allow access control to be passed along to lower modules if
  the WebID is not known to this module</dd>

<h3>Sample httpd.conf</h3>

<pre>LoadModule authn_webid_module modules/

SSLVerifyClient optional_no_ca

# WebID ignored
&lt;Location /&gt;

# WebID optional
&lt;Location /public/&gt;
    AuthType WebID
    Require everyone
    AuthWebIDAuthoritative off

# WebID required
&lt;Location /private/&gt;
    AuthType WebID
    Require valid-user

<h3>Authentication Details</h3>

<p>Clients are verified using the following SPARQL query:</p>

PREFIX rdf: &lt;;
PREFIX cert: &lt;;
PREFIX rsa: &lt;;
SELECT ?m ?e ?mod ?exp WHERE {
    ?key cert:identity &lt;%s&gt;;
         rsa:modulus ?m;
         rsa:public_exponent ?e.
    OPTIONAL { ?m cert:hex ?mod . }
    OPTIONAL { ?e cert:decimal ?exp. }

<p>%s is substituted by the client's WebID claim.</p>

<p>Matching modulus and exponent triggers successful authentication.
Only hex characters [0-9a-f] are considered for modulus comparison.</p>

<p>The optional clauses maintain compatibility for users with FOAF WebIDs
before the changes to the cert datatypes discussed on foaf-protocols here:</p>


<p>Please visit the <a href="">issue tracker</a>
for bug reports, feature requests, and other support.</p>


<p>Joe Presbrey<br /></p>

$Id: README 28777 2010-04-12 20:49:23Z presbrey $
Something went wrong with that request. Please try again.