Getting claims in app with mod_auth_openidc


I have a problem with an OpenID Connect app.
The server is Keycloak, fully functional.
On the client side, I have a test app (iNetOrgPerson.html) that is declared in KC as webapp.home. That app is managed by Apache and mod_auth_openidc.
Authentication works fine.
However, I do not receive my claims, neither as headers nor as environment variables. It seems obvious that my httpd config has something wrong, but I cannot see what.
Can someone help?
Thanks in advance.

<VirtualHost *:80>
    ServerName www.webapp.home
    ServerAlias webapp.home
    DocumentRoot /var/www/webapp.home
    ErrorLog logs/webapp_home.error_log
    CustomLog logs/webapp_home.access_log combined

    # Passphrase used to encrypt the module's shared-memory cache
    OIDCCryptoPassphrase webapp_home
    OIDCScope "openid email"

    # Provider (Keycloak realm) discovery and client credentials
    OIDCProviderMetadataURL http://zbook.home:8180/realms/testRealm/.well-known/openid-configuration
    OIDCClientID webapp.home
    OIDCClientSecret lx2ThK3H6fKlqPVD8LLuNNJuyForkrwu
    OIDCRedirectURI http://webapp.home/redirect_uri
    OIDCProviderTokenEndpointAuth client_secret_basic

    # How claims reach the protected application (request headers only here)
    OIDCPassClaimsAs headers
    OIDCPassIDTokenAs claims
    OIDCPassUserInfoAs claims

    # Claim that populates REMOTE_USER
    OIDCRemoteUserClaim email

    <Location />
        AuthType openid-connect
        Require valid-user
        DirectoryIndex iNetOrgPerson.html
    </Location>

</VirtualHost>

And the headers are dumped with the following JS script:

<script>
  // Issue a HEAD request for the current page and list the response headers
  // the browser gets back.
  if (window.fetch) {
    fetch(location, { method: "HEAD" })
      .then(function (r) {
        var x = "";
        r.headers.forEach(function (value, header) {
          x += header + ": " + value + "\n\n";
        });
        document.body.appendChild(document.createElement("pre")).textContent = x;
      });
  } else {
    document.write("This does not work in your browser - no support for fetch API");
  }
</script>

Output of the JS is like this:

accept-ranges: bytes
connection: Keep-Alive
content-length: 3900
content-type: text/html; charset=UTF-8
date: Mon, 01 Jan 2024 21:48:41 GMT
etag: "f3c-60de9584a1702"
keep-alive: timeout=5, max=99
last-modified: Mon, 01 Jan 2024 21:48:40 GMT
server: Apache/2.4.58 (Fedora Linux) OpenSSL/3.0.9 mod_auth_gssapi/1.6.3 mod_wsgi/4.9.1 Python/3.11

Answer by Pascal Jakobi:

The mod_auth_openidc configuration was missing the following stanza:

Header set MyHeader %{REMOTE_USER}s

After adding this, the configuration works.
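A point worth making explicit for anyone landing on this thread: with OIDCPassClaimsAs headers, mod_auth_openidc adds OIDC_CLAIM_* headers to the request it forwards to the protected resource. A browser-side HEAD fetch only ever sees the response headers, so it will not show them; the accepted answer works because Header set copies a server-side value into a response header. The backend is where the claims are meant to be read. The server string in the question shows mod_wsgi loaded, so below is a minimal WSGI app that dumps exactly what the module hands over. This is an added example, not code from the original post, Keycloak or the mod_auth_openidc project. It assumes OIDCPassClaimsAs both (so claims arrive as both request headers and environment variables), OIDCRemoteUserClaim email, the module's default OIDCClaimPrefix of OIDC_CLAIM_, and a WSGIScriptAlias pointing at the script; the sample environ at the bottom is constructed, not captured from a real server.

```python
"""Dump the identity data mod_auth_openidc passes to a protected WSGI app.

Added example (not from the original post). Assumed Apache fragment in
front of it, in addition to the OIDC* directives already in the question:

    OIDCPassClaimsAs both              # request headers AND env vars
    WSGIScriptAlias /whoami /var/www/webapp.home/whoami.wsgi   # assumed path
    <Location /whoami>
        AuthType openid-connect
        Require valid-user
    </Location>
"""
import json

# mod_auth_openidc prefixes every claim with OIDCClaimPrefix (default "OIDC_CLAIM_").
CLAIM_PREFIX = "OIDC_CLAIM_"
# A request header "OIDC_CLAIM_email" reaches CGI/WSGI code as "HTTP_OIDC_CLAIM_EMAIL":
# the gateway upper-cases the name, maps '-' to '_' and prepends "HTTP_".
HEADER_PREFIX = "HTTP_" + CLAIM_PREFIX.upper().replace("-", "_")


def collect_claims(environ):
    """Split a WSGI environ into the claims passed via env vars and via headers.

    Claim names are lower-cased so the two channels can be compared directly.
    Trust these values only when every path to this app goes through the Apache
    instance running mod_auth_openidc; the module scrubs inbound headers carrying
    the claim prefix (OIDCScrubRequestHeaders, default On), so a client cannot
    smuggle its own OIDC_CLAIM_* header past it.
    """
    env_claims = {}
    header_claims = {}
    for key, value in environ.items():
        if key.startswith(CLAIM_PREFIX):
            env_claims[key[len(CLAIM_PREFIX):].lower()] = value
        elif key.startswith(HEADER_PREFIX):
            header_claims[key[len(HEADER_PREFIX):].lower()] = value
    return {
        "remote_user": environ.get("REMOTE_USER"),
        "env_claims": env_claims,
        "header_claims": header_claims,
    }


def application(environ, start_response):
    """WSGI entry point: answer with the collected claims as JSON."""
    body = json.dumps(collect_claims(environ), indent=2).encode("utf-8")
    start_response("200 OK", [
        ("Content-Type", "application/json"),
        ("Content-Length", str(len(body))),
        # A per-user identity page must never land in a shared cache.
        ("Cache-Control", "no-store"),
    ])
    return [body]


# Constructed sample environ, shaped like what mod_wsgi hands over with
# "OIDCPassClaimsAs both" and "OIDCRemoteUserClaim email". Not a real capture.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/whoami",
    "HTTP_HOST": "webapp.home",
    "REMOTE_USER": "alice@example.com",
    # environment-variable channel (case preserved by Apache)
    "OIDC_CLAIM_email": "alice@example.com",
    "OIDC_CLAIM_sub": "user-1234",
    "OIDC_CLAIM_preferred_username": "alice",
    # request-header channel (CGI-style names)
    "HTTP_OIDC_CLAIM_EMAIL": "alice@example.com",
    "HTTP_OIDC_CLAIM_SUB": "user-1234",
    "HTTP_OIDC_CLAIM_PREFERRED_USERNAME": "alice",
    # The access token travels under OIDC_access_token, not the claim prefix,
    # so it is deliberately left out of the claim sets.
    "HTTP_OIDC_ACCESS_TOKEN": "opaque-token-value",
}


def run_sample():
    """Drive application() with SAMPLE_ENVIRON; return (status, headers, parsed body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = headers

    chunks = application(SAMPLE_ENVIRON, start_response)
    return captured["status"], captured["headers"], json.loads(b"".join(chunks).decode("utf-8"))


if __name__ == "__main__":
    status, headers, body = run_sample()
    print(status)
    print(json.dumps(body, indent=2))
```

If the claim really has to be visible from the browser, the same environment channel feeds mod_headers: with OIDCPassClaimsAs both (or environment), `Header set X-Email "%{OIDC_CLAIM_email}e"` puts the e-mail claim into a response header, which is what the HEAD-fetch script in the question would then display. Exposing claims to client-side script should be a deliberate choice, since every page on the vhost then leaks that identity data to any script running in it.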