Apache mod_auth_openidc integration

I have been asked to integrate Okta with an application that is running on Apache, and they would like to use mod_auth_openidc.
I have created an OIDC Web application in Okta and also created an Authorization Server.
I provided the Apache application owners with all the information needed:

  • Client ID
  • Client Secret
  • Issuer
  • Metadata URI

They have configured mod_auth_openidc on their end, but they continue to get a system internal error, and they said that from their logs it seems like they are not able to get the metadata.
I am posting here to check if anyone has ever done this integration using Apache mod_auth_openidc and could give some tips on what the issue could be. I believe the Apache proxy config might need to have something done.
If anyone has implemented this and could give some tips, or is there anything missing on the Okta end?

thank you
Andrea

Is the Metadata URI in one of these formats?

  • https://${yourOktaDomain}/oauth2/${auth_server_id}/.well-known/openid-configuration
  • https://${yourOktaOrg}/.well-known/openid-configuration

https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server-discovery-endpoints
https://developer.okta.com/docs/concepts/auth-servers/#custom-authorization-server-discovery-endpoints

We figured it out. It was in the Apache configuration. They needed to set up something in the proxy settings.

After successful integration of apache2 with mod_auth_openidc, I am getting an authorization code as the response, and the code flow is not completing to get the access token.
I am expecting an access token.

OIDCProviderMetadataURL https://dev-xx.okta.com/oauth2/aus3qpb5mj6gmFPWv5d7/.well-known/oauth-authorization-server
OIDCClientID 0oa5ldzaqcxxx
OIDCClientSecret xxxx
OIDCRedirectURI https://www.mydomain.com/app1/redirect_uri
#OIDCResponseType code
OIDCProviderTokenEndpointAuth client_secret_basic
OIDCRemoteUserClaim email
OIDCScope "openid profile email"
# Off disables verification of the provider's TLS certificate
OIDCSSLValidateServer Off
OIDCProviderIssuer https://dev-xxx.okta.com/oauth2/aus3qpb5mj6gmxxx
OIDCCryptoPassphrase kWEFKJSD2
OIDCPassClaimsAs environment
OIDCClaimPrefix USERINFO_
OIDCPassIDTokenAs payload
<Location "/apps">
Require valid-user
AuthType openid-connect
</Location>

Response received after successful authentication https://www.mydomain.com/app1/redirect_uri?code=_sqiWN14uq6nHCIMN9xeroXIpVv1vrmZkYJ503zTDLg&state=pbpFWjv6vwYHa6vTCh-NaG1AYe8

Here I am using the Auth code flow.
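
A small pre-deployment check for a mod_auth_openidc configuration shaped like the one posted above, added here as an illustration; it is not code from the thread or from the mod_auth_openidc project. The finding names, the simplified `<Location>` prefix matching and the issuer/metadata heuristic are assumptions, and the sample config is constructed with placeholder hosts and IDs.

```python
import re
from urllib.parse import urlsplit

# Constructed sample (placeholder hosts and IDs), shaped like the config in the post above.
SAMPLE = """\
OIDCProviderMetadataURL https://idp.example.com/oauth2/default/.well-known/openid-configuration
OIDCProviderIssuer https://idp.example.com/oauth2/other
OIDCRedirectURI https://www.example.com/app1/redirect_uri
OIDCScope “openid profile email”
OIDCSSLValidateServer Off
<Location "/apps">
  AuthType openid-connect
  Require valid-user
</Location>
"""

def parse(text):
    """Return (directives, paths of <Location> blocks that set AuthType openid-connect)."""
    directives, protected, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Location\s+["“]?([^"”>]+)["”]?\s*>', line, re.I)
        if m:
            current = m.group(1)
        elif line.lower().startswith("</location"):
            current = None
        else:
            name, value = (line.split(None, 1) + [""])[:2]
            directives[name.lower()] = value
            if current and (name.lower(), value.lower()) == ("authtype", "openid-connect"):
                protected.append(current)
    return directives, protected

def lint(text):
    """Return finding codes (hypothetical names) for the checks described in the lead-in."""
    d, protected = parse(text)
    findings = []
    if re.search("[“”]", text):  # Apache only treats ASCII quotes as quoting
        findings.append("smart-quotes")
    if d.get("oidcsslvalidateserver", "on").lower() == "off":
        findings.append("tls-validation-disabled")
    if "oidcredirecturi" in d:  # the callback must sit under a path the module protects
        path = urlsplit(d["oidcredirecturi"]).path + "/"
        if not any(path.startswith(p.rstrip("/") + "/") for p in protected):
            findings.append("redirect-uri-unprotected")
    issuer, meta = d.get("oidcproviderissuer"), d.get("oidcprovidermetadataurl")
    if issuer and meta and not meta.startswith(issuer.rstrip("/") + "/.well-known/"):
        findings.append("issuer-metadata-mismatch")  # heuristic from the URI formats listed above
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

The redirect check reflects the mod_auth_openidc requirement that `OIDCRedirectURI` point to a path protected by the module; it does not handle `<LocationMatch>`, `<Directory>` or virtual-host scoping.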
