I am trying to use Azure AD to authenticate a website in Apache web server deployed on a windows server. A possible solution we were looking for is mod_auth_openidc, however, it is not available for windows.
Are there any other options that can be used to authenticate a website in apache on a windows server?
The design pattern should work in any technology since HTTP interfaces are used:
Note that it is generally recommended in terms of secure hosting to put a reverse proxy in front of any of these components, so that an attacker has to breach 2 layers to get to data:
Here is an option that might work for you - and once you have a good reverse proxy setup it gives you some interesting architectural options:
Use an Azure NGINX managed service which will use Linux based servers, but you don't need to know anything much about Linux to use them
Use the NGINX openidc module - also provided by Zmartzone - and host that alongside Azure AD
If it helps, at Curity we have some related resources - here is one that shows how to run NGINX on a Windows PC using Docker and how to take control over behaviour via plugins.