Deploying the Apache Agent
To use the Apache Agent, copy the files to your Apache directory and modify your Apache configuration.
About this task
The PingFederate Apache Agent is represented by the <apache_home>/conf/mod_pf.conf
Apache module (dynamic library) and an auxiliary OpenToken library. The behavior of the Apache Agent is controlled by properties contained in the mod_pf.conf
file.
Steps
-
Download the Apache Linux Integration Kit
.zip
archive from the Ping Identity Integration Directory. -
From the Apache Linux Integration Kit
.zip
archive, copy the contents of theapache-agent/lib
directory that corresponds to your version of Linux into your Apache/modules
directory. If the files already exist, overwrite them.For an Apache HTTP Server running on Canonical Ubuntu 20.04, use the modules found in the subdirectory:
Apache_2.4/Ubuntu20_64
. -
For new installations, from the integration-kit
apache-agent/config
directory, copy themod_pf.conf
,start_page_template.html
, and theerror_page_template.html
files into the/conf
directory of your Apache installation. -
Copy the
agent-config.txt
file that you downloaded in Configuring an OpenToken SP Adapter instance to the Apache/conf
folder. -
If you’re using Security Enhanced Linux, run the following commands as the root user.
chcon --reference /usr/sbin/httpd /etc/httpd/modules/mod_pf.so chcon --reference /usr/sbin/httpd /etc/httpd/modules/libopentoken.so
This allows the agent to run in the
httpd
context.The preceding paths assume the default Linux installation.
-
Add the following in the Apache
httpd.conf
file above any otherLoadModule
statements:LoadModule access_compat_module modules/mod_access_compat.so LoadFile modules/libopentoken.so LoadModule pf_module modules/mod_pf.so PingFederateConfigurationFile conf/mod_pf.conf
-
Add the following within all
Directory
contexts that should be handled by the Agent.AuthType PFApacheAgent
Use a "deny by default" configuration for all directories that you want the Apache Agent to protect.
Order Deny,Allow Deny from all
Learn more about
AuthType
examples in Apache Integration Kit AuthType examples in the Ping Identity Knowledge Base. -
Restart Apache.