23 files changed, 609 insertions, 77 deletions
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am
index 17fd8ac3c7..03f5c234f5 100644
--- a/sca-cpp/trunk/modules/http/Makefile.am
+++ b/sca-cpp/trunk/modules/http/Makefile.am
@@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
 incl_HEADERS = *.hpp
 incldir = $(prefix)/include/modules/http
 
-dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf
+dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf httpd-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf
 moddir=$(prefix)/modules/http
 
 curl_test_SOURCES = curl-test.cpp
diff --git a/sca-cpp/trunk/modules/http/httpd-auth-conf b/sca-cpp/trunk/modules/http/httpd-auth-conf
new file mode 100755
index 0000000000..cfe81f778a
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/httpd-auth-conf
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a minimal HTTPD SSL configuration
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
+host=`echo $conf | awk '{ print $6 }'`
+httpd_prefix=`cat $here/httpd.prefix`
+
+# Generate basic authentication configuration
+cat >>$root/conf/vhost-ssl.conf <<EOF
+# Generated by: httpd-auth-conf $*
+# Require clients to present a userid + password for HTTP
+# basic authentication
+<Location />
+AuthType Basic
+AuthName "$host"
+AuthUserFile "$root/conf/httpd.passwd"
+Require valid-user
+</Location>
+
+EOF
+
+# Create test users
+$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
+$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
+$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
+$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
+
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index 149bc56c4d..2cbf5120e9 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
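Review bot: The four `htpasswd` lines at the end of httpd-auth-conf create accounts with fixed, well-known passwords (`test`/`test`, `admin`/`admin`, `foo`/`foo`, `bar`/`bar`) in the same `httpd.passwd` that the generated `<Location />` consults for `Require valid-user`, and httpd-ssl-conf grants `/server-status` to `Require user admin` from that file, so a deployment produced by running this distributed script as-is accepts those credentials. The `-b` flag also passes each password on the `htpasswd` command line, where it is visible to other local users in the process list, and `2>/dev/null` hides the error if `httpd.passwd` cannot be written, leaving the `<Location />` pointing at a missing file. Consider gating the account creation behind an explicit option or generating and printing per-installation random passwords, and drop the stderr redirection so a failure is visible. The header comment `# Generate a minimal HTTPD SSL configuration` looks copied from httpd-ssl-conf; `# Generate a minimal HTTPD basic authentication configuration` describes what this script does.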
@@ -44,7 +44,9 @@ cat >$root/conf/httpd.conf <<EOF
 ServerName http://$host:$pport
 PidFile $root/logs/httpd.pid
 
-# Minimal set of modules
+# Load a minimal set of modules, the load order is important
+# (e.g. load mod_headers before mod_rewrite, so its hooks execute
+# after mod_rewrite's hooks)
 LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
 LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
 LoadModule authn_default_module ${modules_prefix}/modules/mod_authn_default.so
@@ -58,13 +60,14 @@ LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
 LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
 LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
 LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
+LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
 LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
+LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
 LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
 LoadModule status_module ${modules_prefix}/modules/mod_status.so
 LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
 LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
 LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
-LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
 LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
 <IfModule !log_config_module>
 LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
@@ -80,17 +83,17 @@ Timeout 45 LimitRequestBody 1048576 HostNameLookups Off -# Logging +# Log HTTP requests +LogLevel info ErrorLog $root/logs/error_log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined CustomLog $root/logs/access_log combined -LogLevel warn # Configure Mime types DefaultType text/plain TypesConfig $here/conf/mime.types -# Set document root +# Set default document root DocumentRoot $htdocs DirectoryIndex index.html @@ -113,16 +116,17 @@ Options FollowSymLinks Allow from all </Directory> -# Allow access to service components +# Allow access to root location <Location /> Options FollowSymLinks Order deny,allow Allow from all </Location> -# Setup HTTP virtual host +# Listen on HTTP port Listen $port +# Setup HTTP virtual host <VirtualHost *:$port> ServerName http://$host:$pport diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index f2f8b01614..f36da55b12 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -45,7 +45,7 @@ RewriteCond %{SERVER_PORT} !^$sslpport$ RewriteRule .* https://%{SERVER_NAME}:$sslpport%{REQUEST_URI} [R,L] </Location> -# Setup SSL support +# Configure SSL support AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin @@ -55,19 +55,19 @@ SSLMutex "file:$root/logs/ssl_mutex" SSLRandomSeed startup builtin SSLRandomSeed connect builtin -# Setup HTTPS virtual host +# Listen on HTTPS port Listen $sslport +# HTTPS virtual host <VirtualHost *:$sslport> ServerName https://$host:$sslpport -Include conf/ssl-svhost.conf +Include conf/svhost-ssl.conf # Allow the server admin to view the server status <Location /server-status> SetHandler server-status HostnameLookups on -Deny from All Allow from all Require user admin </Location> 
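Review bot: In the `@@ -55,19 +55,19 @@` hunk of httpd-ssl-conf, dropping `Deny from All` leaves `<Location /server-status>` resting on `Allow from all` plus `Require user admin`, while the root `<Location />` that the later `@@ -89,39 +89,113 @@` hunk writes into vhost-ssl.conf sets `Satisfy Any`; if that setting is inherited here (as per-directory merging would suggest, though I cannot confirm it from these hunks alone), the user check is skipped for any request that already satisfies the root location's access rules, such as one presenting a CA-issued client certificate. It is worth verifying with a client certificate that `/server-status` still prompts for the admin user; if it does not, adding `Satisfy All` inside this Location pins the intended behaviour regardless of what the included file sets. The generated `LogLevel info` in the httpd-conf hunk is fine for a test server but is worth a comment since it increases what lands in `error_log`.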
@@ -80,7 +80,7 @@ ExtendedStatus On
 EOF
 
 # Generate HTTPS vhost configuration
-cat >$root/conf/ssl-vhost.conf <<EOF
+cat >$root/conf/vhost-ssl.conf <<EOF
 # Generated by: httpd-ssl-conf $*
 # Virtual host configuration
 UseCanonicalName Off
@@ -89,39 +89,113 @@ UseCanonicalName Off SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 +SSLOptions -StrictRequire +OptRenegotiate -# Logging -CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" -LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" sslcombined +# Verify client certificates +SSLVerifyClient optional +SSLVerifyDepth 1 + +# Log SSL requests +#CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\"" sslcombined CustomLog $root/logs/ssl_access_log sslcombined -LogLevel warn -# Require clients to present either: -# a certificate signed with our certification authority certificate -# or a userid + password for HTTP basic authentication +EOF + +# Generate HTTPS authentication requirement +cat >>$root/conf/vhost-ssl.conf <<EOF <Location /> +# Require clients to use SSL and authenticate +SSLRequireSSL + +# Also accept other forms of authentication (e.g. 
HTTP basic +# authentication, or OpenID authentication) Satisfy Any -SSLVerifyClient optional -SSLVerifyDepth 1 -SSLOptions +FakeBasicAuth -SSLRequireSSL -SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_I_DN_O} == "$org" +EOF -AuthType Basic -AuthName "$host" -AuthUserFile "$root/conf/httpd.passwd" -Require valid-user +proxyconf=`cat $root/conf/vhost.conf | grep "# Generated by: proxy-conf"` +if [ "$proxyconf" != "" ]; then + cat >>$root/conf/vhost-ssl.conf <<EOF +# In an proxy, only require a 128+ cipher key +SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + +# Forward received SSL client certificate info in proxied requests +RewriteEngine on +RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}] +RewriteRule .* - [E=SSL_CIPHER:%{SSL:SSL_CIPHER}] +RewriteCond %{SSL:SSL_CLIENT_I_DN} !="" +RewriteRule .* - [E=SSL_I_DN:%{SSL:SSL_CLIENT_I_DN}] +RewriteCond %{SSL:SSL_CLIENT_S_DN} !="" +RewriteRule .* - [E=SSL_S_DN:%{SSL:SSL_CLIENT_S_DN}] +RewriteCond %{SSL:SSL_CLIENT_I_DN_O} !="" +RewriteRule .* - [E=SSL_I_DN_O:%{SSL:SSL_CLIENT_I_DN_O}] +RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} !="" +RewriteRule .* - [E=SSL_S_DN_OU:%{SSL:SSL_CLIENT_S_DN_OU}] +RequestHeader unset X-Forwarded-SSL-Protocol +RequestHeader unset X-Forwarded-SSL-Cipher +RequestHeader unset X-Forwarded-SSL-Issuer-DN +RequestHeader unset X-Forwarded-SSL-Client-DN +RequestHeader unset X-Forwarded-SSL-Issuer-DN-O +RequestHeader unset X-Forwarded-SSL-Client-DN-OU +RequestHeader set X-Forwarded-SSL-Protocol %{SSL_PROTOCOL}e env=SSL_PROTOCOL +RequestHeader set X-Forwarded-SSL-Cipher %{SSL_CIPHER}e env=SSL_CIPHER +RequestHeader set X-Forwarded-SSL-Issuer-DN %{SSL_I_DN}e env=SSL_I_DN +RequestHeader set X-Forwarded-SSL-Client-DN %{SSL_S_DN}e env=SSL_S_DN +RequestHeader set X-Forwarded-SSL-Issuer-DN-O %{SSL_I_DN_O}e env=SSL_I_DN_O +RequestHeader set X-Forwarded-SSL-Client-DN-OU %{SSL_S_DN_OU}e env=SSL_S_DN_OU + +EOF +else + cat >>$root/conf/vhost-ssl.conf <<EOF +# In a server, require a 128+ cipher key and one of 
the following +# - another server's certificate issued by our certificate authority +# - a proxy certificate + forwarded info on the client request certificate, +# both signed by our certificate authority +# - OpenID authentication (set by mod_auth_openid in the auth_type) +# - another valid form of authentication as per the Satisfy directive +SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and ( \ +( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "server" ) or \ +( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "proxy" and \ + %{HTTP:X-Forwarded-SSL-Issuer-DN-O} == "$org" and %{HTTP:X-Forwarded-SSL-Client-DN-OU} == "server" ) or \ +%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected).*$/ ) + +# Record received SSL client certificate info in environment vars +RewriteEngine on +RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}] +RewriteRule .* - [E=SSL_CIPHER:%{SSL:SSL_CIPHER}] +RewriteCond %{SSL:SSL_CLIENT_I_DN} !="" +RewriteRule .* - [E=SSL_I_DN:%{SSL:SSL_CLIENT_I_DN}] +RewriteCond %{SSL:SSL_CLIENT_S_DN} !="" +RewriteRule .* - [E=SSL_S_DN:%{SSL:SSL_CLIENT_S_DN}] + +# Store the client certificate DN in the SSL_REMOTE_USER var, +# that's similar to the SSLUserName directive but more flexible as +# it can pick a client certificate DN forwarded by a proxy +RewriteCond %{SSL:SSL_CLIENT_I_DN_O} "$org" +RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} "server" +RewriteRule .* - [E=SSL_REMOTE_USER:%{SSL:SSL_CLIENT_S_DN}] + +RewriteCond %{SSL:SSL_CLIENT_I_DN_O} "$org" +RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} "proxy" +RewriteCond %{HTTP:X-Forwarded-SSL-Issuer-DN-O} "$org" +RewriteCond %{HTTP:X-Forwarded-SSL-Client-DN-OU} "server" +RewriteRule .* - [E=SSL_REMOTE_USER:%{HTTP:X-Forwarded-SSL-Client-DN}] + +EOF +fi + +cat >>$root/conf/vhost-ssl.conf <<EOF </Location> EOF -cat >$root/conf/ssl-svhost.conf <<EOF +cat >$root/conf/svhost-ssl.conf <<EOF # Generated by: httpd-ssl-conf $* # Static virtual host configuration -Include conf/ssl-vhost.conf +Include 
conf/vhost-ssl.conf -# Configure SSL certificates +# Declare SSL certificates used in this virtual host SSLCACertificateFile "$root/conf/ca.crt" SSLCertificateChainFile "$root/conf/ca.crt" SSLCertificateFile "$root/conf/server.crt" @@ -129,12 +203,12 @@ SSLCertificateKeyFile "$root/conf/server.key" EOF -cat >$root/conf/ssl-dvhost.conf <<EOF +cat >$root/conf/dvhost-ssl.conf <<EOF # Mass dynamic virtual host configuration # Generated by: httpd-ssl-conf $* -Include conf/ssl-vhost.conf +Include conf/vhost-ssl.conf -# Configure SSL certificates +# Declare wildcard SSL certificates used in this virtual host SSLCACertificateFile "$root/conf/ca.crt" SSLCertificateChainFile "$root/conf/ca.crt" SSLCertificateFile "$root/conf/vhost.crt" @@ -142,9 +216,3 @@ SSLCertificateKeyFile "$root/conf/vhost.key" EOF -# Create test users for HTTP basic authentication -$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf index 4970950623..dd6f344fa6 100755 --- a/sca-cpp/trunk/modules/http/proxy-conf +++ b/sca-cpp/trunk/modules/http/proxy-conf @@ -23,11 +23,12 @@ root=`readlink -f $1` cat >>$root/conf/vhost.conf <<EOF # Generated by: proxy-conf $* -# Configure HTTP proxy and balancer +# Enable HTTP reverse proxy ProxyRequests Off ProxyPreserveHost On ProxyStatus On +# Enable load balancing ProxyPass / balancer://cluster/ <Proxy balancer://cluster> diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index bc1b63fc7d..fe7e6a5be6 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf 
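Review bot: In the `@@ -89,39 +89,113 @@` hunk of httpd-ssl-conf, the server-side `SSLRequire` exempts `%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected).*$/`, but the leading `.` matches any character and the trailing `.*$` turns this into a prefix match, so any path whose second character begins one of those words (for example `/logout-admin` or `/openidfoo`) is exempted, whereas openid-conf only disables OpenID under `/login`, `/logout` and `/unprotected` exactly. Because the same location sets `SSLOptions -StrictRequire` and `Satisfy Any`, a failing SSLRequire falls through to the other authentication methods rather than denying outright, which makes this regex the effective unauthenticated allowlist, so it deserves to be precise: anchor on a literal `/` instead of `.` (escaped within the `m/.../` delimiters, or using another delimiter if the expression parser accepts one) and replace `.*$` with `(/.*)?$` so only those path segments and their sub-paths match. A one-line comment above the directive stating that these four paths are intentionally reachable without a certificate would also help the next reader, since the surrounding comment only describes the certificate cases. The proxy branch of the same hunk requires only a 128-bit cipher on the proxy, which is consistent with the backend doing the authentication but is worth stating in its comment as well.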
@@ -21,17 +21,14 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` -cat >>$root/conf/ssl-vhost.conf <<EOF +cat >>$root/conf/vhost-ssl.conf <<EOF # Generated by: proxy-ssl-conf $* -# Enable SSL proxy -SSLProxyEngine on -SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# Configure proxy and balancer +# Enable HTTPS proxy ProxyRequests Off ProxyPreserveHost On ProxyStatus On +# Enable load balancing ProxyPass /balancer-manager ! ProxyPass / balancer://sslcluster/ @@ -50,21 +47,21 @@ Allow from all Require user admin </Location> -EOF +# Enable SSL proxy engine +SSLProxyEngine on +SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL -cat >>$root/conf/ssl-svhost.conf <<EOF -# Generated by: proxy-ssl-conf $* -# Setup SSL proxy certificates -SSLProxyCACertificateFile "$root/conf/ca.crt" -SSLProxyMachineCertificateFile "$root/conf/server.pem" +# Verify server certificates +SSLProxyVerify require +SSLProxyVerifyDepth 1 EOF -cat >>$root/conf/ssl-dvhost.conf <<EOF +cat >>$root/conf/vhost-ssl.conf <<EOF # Generated by: proxy-ssl-conf $* -# Setup SSL proxy certificates +# Declare the proxy SSL client certificates SSLProxyCACertificateFile "$root/conf/ca.crt" -SSLProxyMachineCertificateFile "$root/conf/server.pem" +SSLProxyMachineCertificateFile "$root/conf/proxy.pem" EOF diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-member-conf b/sca-cpp/trunk/modules/http/proxy-ssl-member-conf index 9f20933e35..55930b7ef2 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-member-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-member-conf @@ -23,7 +23,7 @@ root=`readlink -f $1` host=$2 sslport=`echo $3 | awk -F "/" '{ print $1 }'` -cat >>$root/conf/ssl-vhost.conf <<EOF +cat >>$root/conf/vhost-ssl.conf <<EOF # Generated by: proxy-ssl-member-conf $* # Add proxy balancer member BalancerMember balancer://sslcluster https://$host:$sslport 
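Review bot: In the `@@ -50,21 +47,21 @@` hunk of proxy-ssl-conf, the relocated `SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` still offers export, low-strength and null-encryption ciphers on the proxy-to-backend connection, so the newly added `SSLProxyVerify require` can end up authenticating a peer over a session that provides no confidentiality. The backend's `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128` in httpd-ssl-conf rejects such sessions, but only after the handshake and only for locations where that directive applies, so the proxy should not propose them in the first place; `SSLProxyCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW` keeps the strong suites and drops the rest. The same list remains as a context line in `SSLCipherSuite` in httpd-ssl-conf and would benefit from the same tightening.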
diff --git a/sca-cpp/trunk/modules/http/ssl-ca-conf b/sca-cpp/trunk/modules/http/ssl-ca-conf index b3c6dbbfa0..bd24ca8c21 100755 --- a/sca-cpp/trunk/modules/http/ssl-ca-conf +++ b/sca-cpp/trunk/modules/http/ssl-ca-conf @@ -43,10 +43,10 @@ x509_extensions = v3_ca C = US ST = CA L = San Francisco -O = Test Authority Organization -OU = Test Authority Unit +O = $host +OU = authority CN = $host -emailAddress = root@$host +emailAddress = admin@$host [ v3_ca ] subjectKeyIdentifier = hash diff --git a/sca-cpp/trunk/modules/http/ssl-cert-conf b/sca-cpp/trunk/modules/http/ssl-cert-conf index 959b5059e1..8b6208a449 100755 --- a/sca-cpp/trunk/modules/http/ssl-cert-conf +++ b/sca-cpp/trunk/modules/http/ssl-cert-conf @@ -47,10 +47,10 @@ distinguished_name = req_distinguished_name C = US ST = CA L = San Francisco -O = Test Organization -OU = Test Unit +O = $host +OU = $certname CN = $host -emailAddress = root@$host +emailAddress = admin@$host EOF # Generate a certificate request diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf index e49a1cd415..4f563b673e 100755 --- a/sca-cpp/trunk/modules/http/vhost-conf +++ b/sca-cpp/trunk/modules/http/vhost-conf @@ -32,7 +32,7 @@ htdocs=`readlink -f $htdocs` cat >>$root/conf/httpd.conf <<EOF # Generated by: vhost-conf $* -# Setup mass dynamic virtual hosting +# Enable mass dynamic virtual hosting NameVirtualHost *:$port <VirtualHost *:$port> diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf index 8a660278a3..e6801248c4 100755 --- a/sca-cpp/trunk/modules/http/vhost-ssl-conf +++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf @@ -33,7 +33,7 @@ htdocs=`readlink -f $htdocs` cat >>$root/conf/httpd.conf <<EOF # Generated by: vhost-ssl-conf $* -# Setup mass dynamic virtual hosting +# Enable mass dynamic virtual hosting over HTTPS NameVirtualHost *:$sslport SSLStrictSNIVHostCheck Off 
@@ -42,7 +42,7 @@ ServerName https://vhost.$host:$sslpport ServerAlias *.$host VirtualDocumentRoot $htdocs/domains/%1/ -Include conf/ssl-dvhost.conf +Include conf/dvhost-ssl.conf </VirtualHost> EOF diff --git a/sca-cpp/trunk/modules/openid/Makefile.am b/sca-cpp/trunk/modules/openid/Makefile.am index a28611dc41..158dd8902b 100644 --- a/sca-cpp/trunk/modules/openid/Makefile.am +++ b/sca-cpp/trunk/modules/openid/Makefile.am @@ -18,7 +18,7 @@ if WANT_OPENID -dist_mod_SCRIPTS = openid-conf +dist_mod_SCRIPTS = openid-conf openid-step2-conf moddir = $(prefix)/modules/openid mod_DATA = openid.prefix diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf index 206281db38..19d7d06d99 100755 --- a/sca-cpp/trunk/modules/openid/openid-conf +++ b/sca-cpp/trunk/modules/openid/openid-conf 
@@ -20,32 +20,46 @@ # Generate an OpenID server conf here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` -openid_prefix=`cat openid.prefix` +conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` +host=`echo $conf | awk '{ print $6 }'` +openid_prefix=`cat $here/openid.prefix` # Configure HTTPD mod_auth_openid module cat >>$root/conf/httpd.conf <<EOF # Generated by: openid-conf $* -# Support for OpenID authentication +# Load support for OpenID authentication LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so +# Enable OpenID authentication <Location /> +AuthType OpenID AuthOpenIDEnabled On AuthOpenIDCookiePath / AuthOpenIDLoginPage /login AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email </Location> -<Location /unprotected> -AuthOpenIDEnabled Off -</Location> - +# Enable unauthenticated access to unprotected areas <Location /login> AuthOpenIDEnabled Off </Location> - <Location /logout> AuthOpenIDEnabled Off </Location> +<Location /unprotected> +AuthOpenIDEnabled Off +</Location> + +EOF + +cat >>$root/conf/vhost-ssl.conf <<EOF +# Generated by: openid-conf $* +# Require OpenID authentication +<Location /> +AuthType OpenID +AuthName "$host" +Require valid-user +</Location> EOF diff --git a/sca-cpp/trunk/modules/openid/start-test b/sca-cpp/trunk/modules/openid/start-test index b9d3191b11..67020cf701 100755 --- a/sca-cpp/trunk/modules/openid/start-test +++ b/sca-cpp/trunk/modules/openid/start-test @@ -18,7 +18,10 @@ # under the License. # Setup +../../modules/http/ssl-ca-conf tmp localhost +../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/httpd-conf tmp localhost 8090 htdocs +../../modules/http/httpd-ssl-conf tmp 8453 ./openid-conf tmp ./openid-step2-conf tmp ../../modules/server/server-conf tmp diff --git a/sca-cpp/trunk/modules/server/mod-eval.hpp b/sca-cpp/trunk/modules/server/mod-eval.hpp index 857fd0a1e1..0aff56f59d 100644 --- a/sca-cpp/trunk/modules/server/mod-eval.hpp 
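Review bot: openid-conf now appends a `<Location />` with `AuthType OpenID` to `vhost-ssl.conf`, and httpd-auth-conf (new in this commit) appends a `<Location />` with `AuthType Basic` and `AuthUserFile` to the same file; httpd applies the later block on top of the earlier one, so whichever script runs last decides the `AuthType` for `/` on the HTTPS host, and neither script documents that ordering. A comment above the second heredoc such as `# Overrides any AuthType set earlier in vhost-ssl.conf (e.g. by httpd-auth-conf); run this script last when both are used` would record the dependency. The switch to `openid_prefix=\`cat $here/openid.prefix\`` fixes the cwd-relative read, but `$here`, `$root` and `$conf` remain unquoted, so an install path containing whitespace breaks both the `cat` and the `grep`.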
+++ b/sca-cpp/trunk/modules/server/mod-eval.hpp @@ -612,8 +612,9 @@ const int postConfigMerge(const ServerConf& mainsc, server_rec* s) { return OK; ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_eval); debug(httpd::serverName(s), "modeval::postConfigMerge::serverName"); - if (sc.wiringServerName == "") sc.wiringServerName = httpd::serverName(s); - debug(httpd::serverName(s), "modeval::postConfigMerge::wiringServerName"); + if (sc.wiringServerName == "") + sc.wiringServerName = mainsc.wiringServerName != ""? mainsc.wiringServerName : httpd::serverName(s); + debug(sc.wiringServerName, "modeval::postConfigMerge::wiringServerName"); sc.contributionPath = mainsc.contributionPath; sc.compositeName = mainsc.compositeName; sc.virtualHostContributionPath = mainsc.virtualHostContributionPath; diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/login/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/login/index.html new file mode 100644 index 0000000000..14f378e968 --- /dev/null +++ b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/login/index.html 
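Review bot: The rewritten assignment packs the inheritance rule into one dense conditional, `mainsc.wiringServerName != ""? mainsc.wiringServerName : httpd::serverName(s)`, with no space before `?` and an unbraced `if` whose body now spans two lines, which reads differently from the surrounding one-statement-per-line code. Writing it as `if (sc.wiringServerName == "")` / `    sc.wiringServerName = (mainsc.wiringServerName != "") ? mainsc.wiringServerName : httpd::serverName(s);` preceded by `// Inherit the main server's wiring name, falling back to this vhost's ServerName` makes the precedence and the intent explicit. The debug line now logs `sc.wiringServerName` instead of the server name, which is the useful value; postConfigMerge continues outside the hunk.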
@@ -0,0 +1,97 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> + +<html><body><h1>Sign in with an OpenID provider</h1> + +<script type="text/javascript"> +function queryParams() { + qp = new Array(); + qs = window.location.search.substring(1).split('&'); + for (i = 0; i < qs.length; i++) { + e = qs[i].indexOf('='); + if (e > 0) + qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1)); + } + return qp; +} + +function openidReferrer() { + r = queryParams()['modauthopenid.referrer']; + if (typeof(r) == 'undefined') + return r; + q = r.indexOf('?'); + if (q > 0) + return r.substring(0, q); + return r; +} + +if (typeof(openidReferrer()) == 'undefined') { + document.location = '/'; +} + +function submitSignin(w) { + document.signin.openid_identifier.value = w(); + document.signin.action = openidReferrer(); + document.signin.submit(); +} + + +function withGoogle() { + return 'https://www.google.com/accounts/o8/id'; +} + +function withYahoo() { + return 'https://me.yahoo.com/'; +} + +function withMyOpenID() { + return 'http://www.myopenid.com/xrds'; +} + +function withVerisign() { + return 'https://pip.verisignlabs.com/'; +} + +function withGoogleApps() { + return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + 
document.fields.domain.value; +} + +function withXRDSEndpoint() { + return document.fields.endpoint.value; +} +</script> + +<form name="signin" action="/" method="GET"> +<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/> +</form> + +<form name="fields"> +<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p> +<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p> +<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p> +<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p> +<p>Sign in with a Google apps domain<br/> +<input type="text" size="20" name="domain" value="example.com"/><br/> +<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p> +<p>Sign in with an OpenID endpoint<br/> +<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/> +<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p> +</form> + +</body></html> diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/logout/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/logout/index.html new file mode 100644 index 0000000000..55cbfac110 --- /dev/null +++ b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/logout/index.html 
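Review bot: `openidReferrer()` returns the `modauthopenid.referrer` query parameter unchanged and `submitSignin` assigns it to `document.signin.action`, so a link carrying an absolute URL in that parameter makes the sign-in form submit the chosen `openid_identifier` to whatever host the link names rather than back to this server. Since the value is only meant to be the protected path the user came from, reject anything that is not a local path before using it, e.g. `if (typeof(r) == 'undefined' || r.charAt(0) != '/' || r.charAt(1) == '/')` / `    return undefined;` in place of the current undefined check, and prefer `decodeURIComponent` over the deprecated `unescape` in `queryParams()`. The same script is committed verbatim as the `joe/login/index.html` and top-level `login/index.html` hunks, so the fix applies to all three copies; a single shared file would avoid them drifting apart.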
@@ -0,0 +1,33 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> + +<html><body> +<h1>Sign out</h1> + +<form name="signout" action="/login" method="GET"> +<script type="text/javascript"> +function submitSignout() { + document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/'; + document.signout.submit(); + return true; +} +</script> +<input type="button" onclick="submitSignout()" value="Sign out"/> +</form> +</body></html> diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/login/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/login/index.html new file mode 100644 index 0000000000..14f378e968 --- /dev/null +++ b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/login/index.html 
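Review bot: `new Date(1970,01,01)` in `submitSignout` uses a zero-based month argument, so it denotes 1 February 1970; it still expires the cookie, but `new Date(0).toGMTString()` states the intent without the off-by-one. Sign-out here only deletes the `open_id_session_id` cookie from the browser, which works only while that cookie is readable by script; if the session cookie is ever marked HttpOnly (generally recommended for a session token), this page silently stops signing the user out, so a comment noting that dependency, or a server-side logout if the module offers one, would make the limitation visible. The identical file is added as the `joe/logout/index.html` hunk.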
@@ -0,0 +1,97 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> + +<html><body><h1>Sign in with an OpenID provider</h1> + +<script type="text/javascript"> +function queryParams() { + qp = new Array(); + qs = window.location.search.substring(1).split('&'); + for (i = 0; i < qs.length; i++) { + e = qs[i].indexOf('='); + if (e > 0) + qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1)); + } + return qp; +} + +function openidReferrer() { + r = queryParams()['modauthopenid.referrer']; + if (typeof(r) == 'undefined') + return r; + q = r.indexOf('?'); + if (q > 0) + return r.substring(0, q); + return r; +} + +if (typeof(openidReferrer()) == 'undefined') { + document.location = '/'; +} + +function submitSignin(w) { + document.signin.openid_identifier.value = w(); + document.signin.action = openidReferrer(); + document.signin.submit(); +} + + +function withGoogle() { + return 'https://www.google.com/accounts/o8/id'; +} + +function withYahoo() { + return 'https://me.yahoo.com/'; +} + +function withMyOpenID() { + return 'http://www.myopenid.com/xrds'; +} + +function withVerisign() { + return 'https://pip.verisignlabs.com/'; +} + +function withGoogleApps() { + return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + 
document.fields.domain.value; +} + +function withXRDSEndpoint() { + return document.fields.endpoint.value; +} +</script> + +<form name="signin" action="/" method="GET"> +<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/> +</form> + +<form name="fields"> +<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p> +<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p> +<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p> +<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p> +<p>Sign in with a Google apps domain<br/> +<input type="text" size="20" name="domain" value="example.com"/><br/> +<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p> +<p>Sign in with an OpenID endpoint<br/> +<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/> +<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p> +</form> + +</body></html> diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/logout/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/logout/index.html new file mode 100644 index 0000000000..55cbfac110 --- /dev/null +++ b/sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/logout/index.html 
@@ -0,0 +1,33 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> + +<html><body> +<h1>Sign out</h1> + +<form name="signout" action="/login" method="GET"> +<script type="text/javascript"> +function submitSignout() { + document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/'; + document.signout.submit(); + return true; +} +</script> +<input type="button" onclick="submitSignout()" value="Sign out"/> +</form> +</body></html> diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html new file mode 100644 index 0000000000..14f378e968 --- /dev/null +++ b/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html 
@@ -0,0 +1,97 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<html><body><h1>Sign in with an OpenID provider</h1>
+
+<script type="text/javascript">
+function queryParams() {
+ qp = new Array();
+ qs = window.location.search.substring(1).split('&');
+ for (i = 0; i < qs.length; i++) {
+ e = qs[i].indexOf('=');
+ if (e > 0)
+ qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1));
+ }
+ return qp;
+}
+
+function openidReferrer() {
+ r = queryParams()['modauthopenid.referrer'];
+ if (typeof(r) == 'undefined')
+ return r;
+ q = r.indexOf('?');
+ if (q > 0)
+ return r.substring(0, q);
+ return r;
+}
+
+if (typeof(openidReferrer()) == 'undefined') {
+ document.location = '/';
+}
+
+function submitSignin(w) {
+ document.signin.openid_identifier.value = w();
+ document.signin.action = openidReferrer();
+ document.signin.submit();
+}
+
+
+function withGoogle() {
+ return 'https://www.google.com/accounts/o8/id';
+}
+
+function withYahoo() {
+ return 'https://me.yahoo.com/';
+}
+
+function withMyOpenID() {
+ return 'http://www.myopenid.com/xrds';
+}
+
+function withVerisign() {
+ return 'https://pip.verisignlabs.com/';
+}
+
+function withGoogleApps() {
+ return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + 
document.fields.domain.value;
+}
+
+function withXRDSEndpoint() {
+ return document.fields.endpoint.value;
+}
+</script>
+
+<form name="signin" action="/" method="GET">
+<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
+</form>
+
+<form name="fields">
+<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p>
+<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p>
+<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p>
+<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p>
+<p>Sign in with a Google apps domain<br/>
+<input type="text" size="20" name="domain" value="example.com"/><br/>
+<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p>
+<p>Sign in with an OpenID endpoint<br/>
+<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/>
+<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p>
+</form>
+
+</body></html>
diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html
new file mode 100644
index 0000000000..55cbfac110
--- /dev/null
+++ b/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html
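Review bot: `submitSignin` assigns `document.signin.action = openidReferrer()`, i.e. whatever URL arrives in the `modauthopenid.referrer` query parameter, without checking that it belongs to this site, so a link to this login page carrying a third-party referrer would make the browser send the user's chosen OpenID identifier to that third party (an open redirect in the sign-in flow). Accept the referrer only when it is same-origin, for example right after the existing `typeof(r) == 'undefined'` guard in `openidReferrer`: `if (r.indexOf(window.location.protocol + '//' + window.location.host + '/') != 0) return undefined;` — the load-time `typeof(openidReferrer()) == 'undefined'` check then sends the user to `/` exactly as it already does for a missing parameter. If mod_auth_openid is expected to return referrers for other hosts served by this cluster, compare against an explicit allow-list of hosts instead. As a point of style, `qp`, `qs`, `i`, `e`, `r` and `q` are assigned without `var` and so leak into the global scope, and `unescape` is deprecated in favour of `decodeURIComponent`.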
@@ -0,0 +1,33 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<html><body>
+<h1>Sign out</h1>
+
+<form name="signout" action="/login" method="GET">
+<script type="text/javascript">
+function submitSignout() {
+ document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
+ document.signout.submit();
+ return true;
+}
+</script>
+<input type="button" onclick="submitSignout()" value="Sign out"/>
+</form>
+</body></html>
diff --git a/sca-cpp/trunk/samples/store-cluster/ssl-start b/sca-cpp/trunk/samples/store-cluster/ssl-start
index d9d0fec67d..da55846654 100755
--- a/sca-cpp/trunk/samples/store-cluster/ssl-start
+++ b/sca-cpp/trunk/samples/store-cluster/ssl-start
@@ -21,6 +21,7 @@
 ../../modules/http/ssl-ca-conf tmp/ssl sca-store.com
 ../../modules/http/ssl-cert-conf tmp/ssl sca-store.com server
 ../../modules/http/ssl-cert-conf tmp/ssl *.sca-store.com vhost
+../../modules/http/ssl-cert-conf tmp/ssl sca-store.com proxy
 
 # Start three identical app servers
 ../../modules/http/httpd-conf tmp/server1 sca-store.com 8101/80 htdocs
@@ -28,6 +29,8 @@
 cp `../../modules/http/ssl-ls tmp/ssl` tmp/server1/conf
 ../../modules/http/httpd-ssl-conf tmp/server1 8441/443
 ../../modules/http/vhost-ssl-conf tmp/server1
+../../modules/openid/openid-conf tmp/server1
+../../modules/openid/openid-step2-conf tmp/server1
 ../../modules/server/server-conf tmp/server1
 ../../modules/python/python-conf tmp/server1
 cat >>tmp/server1/conf/httpd.conf <<EOF
@@ -43,6 +46,8 @@ EOF
 cp `../../modules/http/ssl-ls tmp/ssl` tmp/server2/conf
 ../../modules/http/httpd-ssl-conf tmp/server2 8442/443
 ../../modules/http/vhost-ssl-conf tmp/server2
+../../modules/openid/openid-conf tmp/server2
+../../modules/openid/openid-step2-conf tmp/server2
 ../../modules/server/server-conf tmp/server2
 ../../modules/python/python-conf tmp/server2
 cat >>tmp/server2/conf/httpd.conf <<EOF
@@ -58,6 +63,8 @@ EOF
 cp `../../modules/http/ssl-ls tmp/ssl` tmp/server3/conf
 ../../modules/http/httpd-ssl-conf tmp/server3 8443/443
 ../../modules/http/vhost-ssl-conf tmp/server3
+../../modules/openid/openid-conf tmp/server3
+../../modules/openid/openid-step2-conf tmp/server3
 ../../modules/server/server-conf tmp/server3
 ../../modules/python/python-conf tmp/server3
 cat >>tmp/server3/conf/httpd.conf <<EOF
diff --git a/sca-cpp/trunk/samples/store-python/ssl-start b/sca-cpp/trunk/samples/store-python/ssl-start
index 8f83508578..83f7a5a271 100755
--- a/sca-cpp/trunk/samples/store-python/ssl-start
+++ b/sca-cpp/trunk/samples/store-python/ssl-start
@@ -21,6 +21,7 @@
 ../../modules/http/ssl-cert-conf tmp localhost
 ../../modules/http/httpd-conf tmp localhost 8090 htdocs
 ../../modules/http/httpd-ssl-conf tmp 8453
+../../modules/http/httpd-auth-conf tmp
 ../../modules/server/server-conf tmp
 ../../modules/python/python-conf tmp
 cat >>tmp/conf/httpd.conf <<EOF |
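Review bot: Each of the three app servers now gets its own `openid-conf` and `openid-step2-conf` run (the server2 and server3 hunks repeat the same two lines), but nothing in this script makes their OpenID session state shared. Unless the module keeps its session and association store somewhere common to all three servers, or the proxy in front pins each client to one server, an `open_id_session_id` cookie issued by server1 will presumably be rejected by server2 and server3 and the user bounced back to the login page. This is worth confirming against the module configuration and recording next to these lines, e.g. `# OpenID authentication per server - confirm session state is shared or the proxy uses sticky sessions`.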
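Review bot: `httpd-auth-conf tmp` is added after `httpd-ssl-conf tmp 8453`, but this script, unlike the store-cluster ones, has no `vhost-ssl-conf` step; if httpd-auth-conf appends its authentication block to a vhost-ssl configuration file that only vhost-ssl-conf creates and includes, the basic-auth requirement would never be loaded here, so it is worth confirming which file it writes to and that the generated httpd.conf includes it. Since that helper also appears to provision sample accounts with fixed passwords, a comment on this line such as `# Enable HTTP basic auth with sample test accounts - local testing only` would make clear that the generated tmp tree is not a deployable configuration.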