I have a server configured with mod_auth_openidc 2.11. When a Windows user goes to site x.foo.com which has mod_auth_openidc configured, they are automatically authenticated by presenting the logged-in user's AD credentials. If the user then goes to z.foo.com, and that server doesn't have mod_auth_openidc, it doesn't look like the cookie named by OIDCCookie is passed. An application on z.foo.com wants to get the JWT associated with the user that is logged in, but I don't see how to get that to be automatically passed to other sites. It looks like I should set
OIDCCookieDomain foo.com
but then would that cause the cookie to be passed to a.b.foo.com?
I've looked at what is being passed in the headers, and I don't see the OIDCCookie in the list of cookies.
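
The browser-side scoping rule behind this question, as an added example (not code from the post or from mod_auth_openidc). It implements the RFC 6265 domain-match rule and assumes OIDCCookieDomain ends up as the Domain attribute of the session cookie; notfoo.com is a constructed negative case, and Path, Secure, SameSite and the public-suffix check are not modelled.

```javascript
// Added illustration of RFC 6265 cookie domain scoping (sections 5.1.3, 5.3).
// Hostnames are the ones from the post plus constructed negative cases.

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 5.1.3: host domain-matches the cookie domain if they are identical,
// or host ends with "." + domain and host is not an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Decide whether a cookie set by `originHost` with the given Domain attribute
// (null = attribute absent) is attached to a request for `requestHost`.
function cookieSentTo(originHost, domainAttr, requestHost) {
  if (domainAttr === null || domainAttr === "") {
    // Host-only cookie: returned only to the exact host that set it.
    return requestHost.toLowerCase() === originHost.toLowerCase();
  }
  const domain = domainAttr.replace(/^\./, ""); // a leading dot is ignored
  // The user agent rejects a cookie whose Domain the setting host does not match.
  if (!domainMatch(originHost, domain)) return false;
  return domainMatch(requestHost, domain);
}

// Build [host, sent?] pairs for a list of request hosts.
function scopeTable(originHost, domainAttr, hosts) {
  return hosts.map((h) => [h, cookieSentTo(originHost, domainAttr, h)]);
}

const hosts = ["x.foo.com", "z.foo.com", "a.b.foo.com", "foo.com", "notfoo.com"];
console.log("no Domain attribute:", scopeTable("x.foo.com", null, hosts));
console.log("Domain=foo.com:", scopeTable("x.foo.com", "foo.com", hosts));
```

With no Domain attribute the cookie is host-only and goes back to x.foo.com alone; with Domain=foo.com it is sent to foo.com and every host beneath it, including a.b.foo.com, so every application under that domain receives the session cookie.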