Deploying the Apache Agent

Page created: 14 Jul 2022 |

Page updated: 14 Jul 2022

| 2 min read

Apache Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

To use the Apache Agent, copy the files to your Apache directory and modify your Apache configuration.

The PingFederate Apache Agent is represented by the <apache_home>/conf/mod_pf.conf Apache module (dynamic library) and an auxiliary OpenToken library. The behavior of the Apache Agent is controlled by properties contained in the mod_pf.conf file.

Download the Apache Linux Integration Kit .zip archive from the Ping Identity Integration Directory.
From the Apache Linux Integration Kit .zip archive, copy the contents of the apache-agent/lib directory that corresponds to your version of Linux into your Apache /modules directory. If the files already exist, overwrite them.

For an Apache HTTP Server running on Canonical Ubuntu 20.04, use the modules found in the subdirectory: Apache_2.4/Ubuntu20_64.
For new installations, from the integration-kit apache-agent/config directory, copy the mod_pf.conf, start_page_template.html, and the error_page_template.html files into the /conf directory of your Apache installation.
Copy the agent-config.txt file that you downloaded in Configuring an OpenToken SP Adapter instance to the Apache /conf folder.
If you are using Security Enhanced Linux, run the following commands as the root user.
```
chcon --reference /usr/sbin/httpd /etc/httpd/modules/mod_pf.so
chcon --reference /usr/sbin/httpd /etc/httpd/modules/libopentoken.so
```
This allows the agent to run in the httpd context.

Note:
The paths above assume the default Linux installation.

Add the following in the Apache httpd.conf file above any other LoadModule statements:

LoadModule access_compat_module modules/mod_access_compat.so
LoadFile modules/libopentoken.so
LoadModule pf_module modules/mod_pf.so
PingFederateConfigurationFile conf/mod_pf.conf

Add the following within all Directory contexts that should be handled by the Agent.
```
AuthType PFApacheAgent
```
Tip:
Use a "deny by default" configuration for all directories that you want the Apache Agent to protect.
```
Order Deny,Allow
Deny from all
```
For more AuthType examples, see Apache Integration Kit AuthType examples in the Ping Identity Knowledge Base.
Restart Apache.