I have a landing page for my OpenID which will redirect to Keycloak if not yet authorized, then will redirect to my landing page once verified. I used my Keycloak server under an Apache mod_proxy.
The configuration is successful. Now, my problem is that even though my applications (Gitbucket and Jenkins) use the same realm for my mod_auth_openidc, I still need to log in for the applications (SSO setup) even though I was already verified when accessing my landing page. Please see the image at the link: https://ibb.co/VND01SY
```apache
DocumentRoot "/var/www/html"
DirectoryIndex index.html index.cgi index.php index.shtml

# Reverse proxy: /auth/ on this host is forwarded to the Keycloak backend
<Proxy "balancer://apache_mod_proxy">
    BalancerMember "http://192.168.122.125:8080"
</Proxy>
ProxyPreserveHost On
ProxyPass "/auth/" "balancer://apache_mod_proxy/auth/"
ProxyPassReverse "/auth/" "balancer://apache_mod_proxy/auth/"

# mod_auth_openidc: Keycloak realm "ci" is reached through the proxy above
OIDCProviderMetadataURL "http://192.168.122.103/auth/realms/ci/.well-known/openid-configuration"
OIDCClientID "apache24"
OIDCClientName "apache24"
OIDCClientSecret "cc251291-9254-42ef-8073-6f5b396f73cc"
OIDCScope "openid email profile"
OIDCProviderTokenEndPointAuth "client_secret_basic"
OIDCRedirectURI http://192.168.122.103/test/redirect_uri
OIDCCryptoPassphrase 0123456789
OIDCRemoteUserClaim "preferred_username"

# Everything under /test requires an authenticated user
<Location /test>
    AuthType openid-connect
    Require valid-user
</Location>
```
^ This is my current configuration.
My expected output should be:
If not yet verified by Keycloak:

1. Access index.html -> redirect to Keycloak if first time to log in
2. Redirect to index.html after verification (this contains links to Jenkins and Gitbucket)
3. When links for the applications are clicked, I don't need to re-login for the same realm.

Please correct me if my understanding of the scenario is correct.
I also don't know how to use logout and where to put logout for the landing page and SSO.
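
The expected flow above, modelled as a small added example (not code from the original post, Keycloak or mod_auth_openidc): each client still performs its own redirect to Keycloak, and the login form is skipped only when the browser presents the realm session cookie, which it sends only to the host that set it. The client IDs `jenkins` and `gitbucket` and the direct backend issuer URL are assumptions; the post does not show how the applications are configured.

```python
# Added illustration: a toy model of realm SSO, not Keycloak or mod_auth_openidc code.
from urllib.parse import urlsplit


class Browser:
    def __init__(self):
        self.cookies = {}  # host -> Keycloak session cookie value


class Keycloak:
    """One realm; remembers which session ids are logged in."""

    def __init__(self):
        self.sessions = set()

    def authorize(self, browser, issuer_url, client_id):
        host = urlsplit(issuer_url).hostname
        sid = browser.cookies.get(host)      # only cookies set for this host are sent
        prompted = sid not in self.sessions  # no visible realm session: show login form
        if prompted:
            sid = f"sess-{len(self.sessions) + 1}"
            self.sessions.add(sid)
            browser.cookies[host] = sid      # stored under the host that issued it
        return {"client": client_id, "code": f"code-for-{client_id}", "prompted": prompted}


def visit(browser, idp, client_id, issuer_url):
    """Every client runs its own authorization redirect; True means a login form was shown."""
    return idp.authorize(browser, issuer_url, client_id)["prompted"]


PROXIED = "http://192.168.122.103/auth/realms/ci"      # issuer behind the proxy, from the post
DIRECT = "http://192.168.122.125:8080/auth/realms/ci"  # assumed: backend address used directly


def run(app_issuers):
    """Log in at the landing page (client apache24), then open each application."""
    idp, browser = Keycloak(), Browser()
    result = {"apache24": visit(browser, idp, "apache24", PROXIED)}
    for client_id, issuer in app_issuers.items():  # hypothetical application clients
        result[client_id] = visit(browser, idp, client_id, issuer)
    return result


if __name__ == "__main__":
    # All clients reach Keycloak through the same host: one login, then SSO.
    print(run({"jenkins": PROXIED, "gitbucket": PROXIED}))
    # One client reaches Keycloak on a different host: its cookie jar entry is missing.
    print(run({"jenkins": PROXIED, "gitbucket": DIRECT}))
```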