mod_sts's Issues

mod_sts with mod_openid

Hello,

I am trying to enable mod_sts for Apache with mod_oidc.

For now I have the following config in Apache for OIDC:

    OIDCClientID 'xxxxxxxxxx'
    OIDCPublicKeyFiles xxxxxxxxxx#/xxxxxxxxxx/client_sign.pem xxxxxxxxxx#/xxxxxxxxxx/client_enc.pem
    OIDCPrivateKeyFiles xxxxxxxxxx#/xxxxxxxxxx/client_sign.key xxxxxxxxxx#/xxxxxxxxxx/client_enc.key
    OIDCProviderMetadataURL https://xxxxxx/auth/realms/xxxxx/.well-known/openid-configuration
    OIDCProviderTokenEndpointAuth private_key_jwt
    OIDCCryptoPassphrase 'xxxxxx'
    OIDCRedirectURI https://xxxxx/redirect_uri
    OIDCSSLValidateServer On

    OIDCUserInfoSignedResponseAlg RS256
    OIDCIDTokenSignedResponseAlg RS256
    OIDCIDTokenEncryptedResponseEnc A256GCM
    OIDCIDTokenEncryptedResponseAlg RSA-OAEP

    OIDCIDTokenIatSlack 60
    OIDCStateTimeout 30
    OIDCPassRefreshToken On
    OIDCRemoteUserClaim preferred_username

    OIDCScope "openid email profile"

    <Location "/oidc/jwks.json">
        Alias /xxxxxxxxxx/jwks.json
        Satisfy Any
        Allow from all
        AuthType None
        Require all granted
    </Location>

    # Replace OIDC location
    <Location "/">
        LogLevel sts:debug
        AuthType openid-connect
        Require valid-user
        SetEnvIf OIDC_access_token "(.+)" access_token=$1

        STSExchange otx https://xxxxxxxxxx/auth/realms/xxxxxxxxxx/protocol/openid-connect/token \
auth=private_key_jwt&\
client_id=xxxxxxxxxx&\
jwk=JWKKEY&\
aud=https://xxxxxxxxxx/auth/realms/xxxxxxxxxx

    </Location>

In my Apache log I get the following:

<snip>
[Fri Apr 09 09:12:31.062683 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_CLAIM_nonce: xxxxxxxxxx
[Fri Apr 09 09:12:31.062694 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_CLAIM_session_state: xxxxxxxxxx
[Fri Apr 09 09:12:31.062706 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_CLAIM_at_hash: xxxxxxxxxx
[Fri Apr 09 09:12:31.062719 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_CLAIM_acr: 0
[Fri Apr 09 09:12:31.062761 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_refresh_token: xxxxxxxxxx
[Fri Apr 09 09:12:31.062809 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_access_token: xxxxxxxxxx
[Fri Apr 09 09:12:31.062858 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: OIDC_access_token_expires: 1617989756
[Fri Apr 09 09:12:31.062873 2021] [sts:debug] [pid 66] src/http.c(158): [client 1.2.3.4:58854] _oauth2_http_request_header_set_add_sanitized: REMOTE_USER: xxxxxxxxxx
[Fri Apr 09 09:12:31.062884 2021] [sts:debug] [pid 66] src/server/apache.c(280): [client 1.2.3.4:58854] oauth2_apache_request_context_init: created request context: 0x56189d8b7bb0
[Fri Apr 09 09:12:31.062896 2021] [sts:debug] [pid 66] src/mod_sts.c(52): [client 1.2.3.4:58854] sts_check_access_handler: enter: "/?(null)", ap_is_initial_req(r)=1
[Fri Apr 09 09:12:31.062905 2021] [sts:debug] [pid 66] src/liboauth2-sts/src/sts.c(704): [client 1.2.3.4:58854] sts_request_handler: enter
[Fri Apr 09 09:12:31.062924 2021] [sts:debug] [pid 66] src/proto.c(212): [client 1.2.3.4:58854] _oauth2_get_source_token_from_envvar: enter
[Fri Apr 09 09:12:31.062934 2021] [sts:debug] [pid 66] src/server/apache.c(491): [client 1.2.3.4:58854] oauth2_apache_get_envvar: get environment variable: access_token
[Fri Apr 09 09:12:31.062944 2021] [sts:debug] [pid 66] src/proto.c(226): [client 1.2.3.4:58854] _oauth2_get_source_token_from_envvar: no source token found in access_token environment variable

Do you have any idea how to rename the OIDC_access_token variable as the access_token variable?
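
Added example, not part of the original issue and not mod_sts code: a Python triage script for `sts:debug` lines in the format shown above. For each "no source token found" message it lists the names logged earlier for the same pid and client by `_oauth2_http_request_header_set_add_sanitized` that resemble the name looked up, and it flags `*_token` entries whose values are written to the log. The sample lines are constructed from the issue's log, and `diagnose` and `SAMPLE_LOG` are names chosen for this example.

```python
import re
from collections import defaultdict

SET_FN = "_oauth2_http_request_header_set_add_sanitized"
LINE = re.compile(r"\[sts:debug\] \[pid (\d+)\] \S+: \[client ([^\]]+)\] (\w+): (.*)$")
MISS = re.compile(r"no source token found in (\S+) environment variable")

# Constructed sample in the log format shown in the issue (values redacted).
PFX = "[Fri Apr 09 09:12:31.062 2021] [sts:debug] [pid 66] "
CLI = "[client 1.2.3.4:58854] "
SAMPLE_LOG = "\n".join([
    PFX + "src/http.c(158): " + CLI + SET_FN + ": OIDC_refresh_token: xxxxxxxxxx",
    PFX + "src/http.c(158): " + CLI + SET_FN + ": OIDC_access_token: xxxxxxxxxx",
    PFX + "src/http.c(158): " + CLI + SET_FN + ": OIDC_access_token_expires: 1617989756",
    PFX + "src/server/apache.c(491): " + CLI
        + "oauth2_apache_get_envvar: get environment variable: access_token",
    PFX + "src/proto.c(226): " + CLI + "_oauth2_get_source_token_from_envvar: "
        "no source token found in access_token environment variable",
])


def diagnose(log_text):
    """Return (failed source-token lookups, token names whose values were logged)."""
    logged = defaultdict(list)          # (pid, client) -> names logged so far
    misses, sensitive = [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, client, func, msg = m.groups()
        if func == SET_FN:
            name = msg.split(":", 1)[0].strip()
            logged[(pid, client)].append(name)
            if name.lower().endswith("_token") and name not in sensitive:
                sensitive.append(name)  # its value sits in the log in clear text
            continue
        miss = MISS.search(msg)
        if miss:
            wanted = miss.group(1)
            names = logged[(pid, client)]
            misses.append({
                "client": client,
                "wanted": wanted,
                "exact_name_logged": wanted in names,
                "similar_names": [n for n in names if n != wanted
                                  and n.lower().endswith(wanted.lower())],
            })
    return misses, sensitive


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample it reports a lookup for `access_token` with only `OIDC_access_token` logged under a similar name, and flags the refresh-token and access-token entries as values to redact before a debug log is shared.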
