mod_auth_openidc | OpenID Certified™ OpenID Connect Relying Party | Authentication library

I've been to the Releases site for mod_auth_openidc and brought down the rpm. And attempting to install requires cjose but attempting to find and install that poses a problem as it seems to incorrectly test the version of jansson (e.g., 2.10 is though to be less than 2.3). Most of the documentation I find is years old. Trying to use yum brings in a very outdated version of the mod_auth_openidc (1.8.8) that fails to allow apache httpd to load if you have an OIDCDirectURL coded.

I'm trying to configure Apache HTTPD to call out to an OAUTH2 Server I've created but I can't get the old mod to work and I'd love to know where I can get the piece parts to allow the latest version to install. There are some old downloads on the Releases site if you page back to 2.0 but the libcjose0 is not an rpm.

Do I need to retrieve the dependencies from their github and build them? If someone has done this already and posted the assets I'm happy to retrieve them. I'm surprised RHEL 7 repos don't have the latest (or newer) versions of the mod_auth_openidc.

I am trying to use Azure AD to authenticate a website in Apache web server deployed on a windows server. A possible solution we were looking for is mod_auth_openidc, however, it is not available for windows.

Are there any other options that can be used to authenticate a website in apache on a windows server?

Environment: Keycloak 12.0.4

We plan to allow various OpenIDC-protected applications to initiate a "single sign-out" using Keycloak's end_session_endpoint. In our case, we'd like to provide our own URL that applications will hit when they want to sign-out. That URL will either programmatically invoke the end_session_endpoint or simply redirect the user's browser to that endpoint.

The Keycloak documentation and examples I've seen so far are a bit confusing regarding how to invoke this endpoint. For example, do I need to add a query parameter with the id token as a value? (I noticed, for example, that mod_auth_openidc includes an id_token_hint query param.) I assume this call has to be authenticated, so do I include the client id/secret as the credentials?

Thanks!

I use mod_auth_openidc to implement login on my website. I use multiple providers, so to initiate a login into one I redirect to:
/protected/redirect_uri/?target_link_uri=&iss=
which works as expected.
Now I want to initiate a logout in a similar manner, by refering the logout button to:
/protected/redirect_uri?logout=&iss=
but I simply get a 404. Of course /protected/redirect_uri does not actually exist but for some reson openidc does not handle the logout request.
The logout page is not protected and the provider has an end_session_endpoint in it's metadata.

I am using mod_auth_openidc with Apache and varnish catch reverse proxy in front of Grafana to offload SSO OAuth2; once I login, after sometime I get the below fetch error, as I investigated the issue; found that the OAuth token gets expired and mod_auth_openidc is not able to refresh the token; I was able to trace the flow

We recently performed a DNS Flip on a Rails application integration environment. We've set example-1.com as a CNAME pointing at A record example-2.com. The service at example-2.com is a Ruby on Rails application with Apache and Passenger Phusion. On top of Apache we are using OpenId-Connect (specifically the mod_auth_openidc module).

When we try to access example-1.com directly, everything works fine. But when we try to do so through example-2.com, we get the following error:

I am building an AngularJS application that is supposed to retrieve data from an API. The API is doing an introspection against the OIDC provider of my choice to verify the token sent alongside with the API call.

The client side is not supposed to be callable before signing in on the OIDC login page. To do so, it is protected by an apache http server using mod_auth_openidc. This mod makes sure, that the client is being redirected to the OIDC provider login if no token is present. After successful login, the AngularJS application is loaded.

My question is how to retrieve the token within the AngularJS client so that I can forward it to the API?