mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that authenticates users against an OpenID Connect Provider. It can also function as an OAuth 2.0 Resource Server, validating access tokens presented by OAuth 2.0 clients against an OAuth 2.0 Authorization Server.
Questions tagged [mod-auth-openidc]
90 questions
0
votes
1 answer
Logout with mod_auth_openidc
I am very new to OpenID and authentication in general. My problem is the following: our app is served on a apache 2.x server (that is our RP) with the front-end served from the static directory and the back-end if proxied on /api, the OP is a…

Kipr
- 806
- 10
- 13
0
votes
0 answers
Integrating mod_auth_openidc with a login form
I have several web sites running under Apache/CGI that need to authenticate users. The present mechanism is long past end of life, so I am looking to move to OpenID Connect. To make life easier, I want to use mod_auth_openidc rather than code…

El Ingeniero
- 41
- 4
0
votes
1 answer
Apache 2 cannot successfully load module?
We have an older ubuntu 14 server that is currently working and has apache2 running on and I'm attempting to install an open idc module to get SSO working at our company. I know...Ubuntu 14 is old, but that's a whole other can of worms...
When I…

benishky
- 901
- 1
- 11
- 23
0
votes
1 answer
How to logout with mod_auth_openidc
I use mod_auth_openidc to implement login on my website. I use multiple providers, so to initiate a login into one I redirect to:
/protected/redirect_uri/?target_link_uri=&iss=
which works as…

Alex_siem
- 13
- 3
0
votes
1 answer
How can I rewrite a url to append a header with Apache
I have an Apache instance that is receiving requests in the form of https://www.example.com/some_path/rpc/x/y/z.pbf that include among others a header OIDC_CLAIM_foo = "[1,2]"
How can I rewrite the URL so that when it includes "rpc" the header is…

Alexis Panagiotopoulos
- 432
- 3
- 8
0
votes
1 answer
Use mod_auth_openidc to connect to multiple clients with the same provider
The mod_auth_openidc wiki describes, how you can connect to different clients that use different issuer: https://github.com/zmartzone/mod_auth_openidc/wiki/Multiple-Providers
However in my case I have two clients with the same provider. More…

Alex_siem
- 13
- 3
0
votes
1 answer
keycloak, Apache, mod_auth_openidc, elasticsearch opendistro
I'm trying to setup single sign-on (SSO) for accessing private directory on apache 2.4 and assign role in elasticsearch (opendistro) for keycloak logged user. No real problem assigning role to user in keycloak (and succeed to connect to openldap…

Germain
- 11
- 4
0
votes
1 answer
Azure AD "groups" claim not being passed to mod_auth_openidc
I created an Azure AD account to test SSO. I was able to get Apache to authenticate a site using SSO and pass the authenticated user's email address as a header. I'm having trouble getting the "groups" claim to be passed through.
My Apache config…

Michael Whittle
- 41
- 1
- 5
0
votes
1 answer
Retrieve auth token from mod_auth_openidc in AngularJS client
I am building an AngularJS application that is supposed to retrieve data from an API.
The API is doing an introspection against the OIDC provider of my choice to verify the token sent alongside with the API call.
The client side is not supposed to…

mxcd
- 1,954
- 2
- 25
- 38
0
votes
1 answer
Apache OpenID Connect refreshing token early
I'm using mod_auth_openidc on my resource server with ORY HYDRA on the OAuth provider and a custom login & consent provider. OpenID Connect flows properly through login and consent and directs back to the resource server, and the session persists…

Will Regelmann
- 31
- 3
0
votes
1 answer
Apache LocationMatch named regular expression strange behavior
I'm trying to create dynamic apache config for lots of directories with OpenID auth, but I never got it to work, I think that there's something wrong with named regexp, but I don't know.
Here's my virtualhost config:
AliasMatch ^/backup/(.*)$…

Kyrylo Skobylko
- 23
- 3
0
votes
1 answer
Openid Connect SSL_PROTECTION_ERROR on callback url
I'm trying to implement the OIDC login system to my website. I'm using openID connect discovery to gather all the required information from the .well-known/openid-configuration. I have managed to get to the login part and everything, but when the…

madvic
- 123
- 2
- 13
0
votes
1 answer
Refresh access token on mod_auth_openidc when submitting a form
I am successfully using mod_auth_openidc to authenticate my website and get an access_token. I can use the access_token to authenticate my server-side code to a third-party resource hosted elsewhere as the logged-in user.
If the access token…

Gary Bilkus
- 23
- 4
0
votes
1 answer
Keycloak/mod_auth_openidc under reverse proxy
I have a landing page for my openid which will redirect to Keycloak if not yet authorized, then will redirect to my landing page once verified.
I used my keycloak server under a Apache mod_proxy.
The configuration is successful. Now, my problem is…

deji04
- 5
- 7
0
votes
1 answer
How can OpenID Connect utilize userinfo for authorization?
I'm utilizing mod_auth_openidc to front an API that has neither authentication nor authorization. The same endpoint also serves UI, so it has interactive and server-to-server queries hitting it. This is something the module has AuthType auth-openidc…

mabi
- 5,279
- 2
- 43
- 78