{"id":678,"date":"2007-02-07T12:05:02","date_gmt":"2007-02-07T20:05:02","guid":{"rendered":"\/?p=678"},"modified":"2007-02-07T12:12:42","modified_gmt":"2007-02-07T20:12:42","slug":"apache-authentication-module-for-cardspace","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=678","title":{"rendered":"Apache Authentication Module for CardSpace"},"content":{"rendered":"<p>Yesterday I referred to a mind-altering announcement from <a href=\"http:\/\/www.pingidentity.com\/\">Ping Identity Corporation<\/a>.&nbsp; I think it&#39;s a key piece of the identity puzzle.&nbsp; Since&nbsp;it&#39;s obvious that this is a big accomplishment and that he&#39;s played a major role in it, I&#39;ll&nbsp;quote Ashish Jain&#39;s&nbsp;<a href=\"http:\/\/itickr.com\/index.php\/?p=56\">Identity TIcker<\/a>&nbsp;blog:&nbsp;<\/p>\n<blockquote><p>Thanks to the efforts of our labs team, we finally have the \u00e2\u20ac\u02dc<em>Apache Authentication Module for CardSpace<\/em>\u00e2\u20ac\u02dc available for <a href=\"http:\/\/www.sourceid.org\/download\"><span style=\"background: #fff8b9\">download<\/span><\/a> .<\/p>\n<p>Here is the product description from the SourceID website:<\/p>\n<div style=\"font-size: 1.1em; background: #fff8b9; margin-left: 30px; font-style: italic\">\u00e2\u20ac\u0153The Apache Authentication Module for CardSpace is an open source module that allows applications using an Apache server for hosting or proxy to use Information Cards as an additional authentication mechanism. It allows the Apache applications to act as CardSpace relying parties (RP) by means of simple configuration. The module is responsible for decrypting the tokens submitted by CardSpace, retrieving the claims and making them available for the applications\u00e2\u20ac\u2122 use.\u00e2\u20ac\u009d<\/div>\n<p>The idea behind this is simple. If you have an application that is deployed on an Apache server and you want to CardSpace-enable it, drop in the module (along with the dependencies), change the httpd.conf and your application should have access to the claims in the infocard.<\/p><\/blockquote>\n<p>The <a href=\"http:\/\/itickr.com\/index.php\/?p=56\">post<\/a> <a href=\"\/wp-content\/images\/2007\/02\/remote_controls.jpg\">includes proof<\/a> that these guys were coding twenty-four hours a day.<\/p>\n<p>To my mind this is really huge.&nbsp; I wonder if one day we&#39;ll see it become a part of Apache, just like the password and digest authentication modules.<\/p>\n<p>The whole cardspace processing can be a black box for the administrators<\/p>\n<p>The module puts the attributes in the session. So if you have a PHP application, you can do the following to retrieve the attributes<\/p>\n<blockquote><p>$email = $_ENV[&#8216;auth_infocard_env_emailaddress&#8217;]<br \/>\n$ppid = $_ENV[&#8216;auth_infocard_env_privatepersonalidentifier&#8217;]<\/p><\/blockquote>\n<p>The same thing works in any other programming language, since they all give you access to your environment variables.<\/p>\n<p>So this is&nbsp;pretty much as&nbsp;simple as it gets.&nbsp; I hope everyone with a product that runs on Apache will look at this.<\/p>\n<p>But wait!&nbsp; There&#39;s more!&nbsp; When I wrote to Ashish to congratulate him on this development, he added:<\/p>\n<blockquote><p>We also have a .jar file for java that serves the similar purpose (we internally refer it as the cardspace-magic.jar and we will open source some day). Same idea\u00e2\u20ac\u00a6drop the .jar file in,&nbsp; then:<\/p><\/blockquote>\n<p align=\"center\"><strong>xmltoken in -> attribute\u00e2\u20ac\u2122s map out<\/strong><\/p>\n<p>So if you use Java, you can go that way too.<\/p>\n<p>But wait! There&#39;s still more!!<\/p>\n<p>Yes, folks, Ping Identity is actually showing a demo at RSA of some of the very ideas we&#39;ve been discussing over the last couple of days.&nbsp; Namely, use of CardSpace to log in to OpenID sites.&nbsp; I&#39;ll do another post to sow you some screen shots.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Running Apache?  Drop in the module, change the httpd.conf and your application should have access to the claims in the InfoCard. <\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,7,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/678"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=678"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/678\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}