Closed fauguste closed 10 years ago
Firstly you'll have ensure that you access the protected content on under the same protocol (http/https)/hostname/port as in the OIDCRedirectURI
setting. Both values are visible in the logs in an entry like:
oidc_proto_authorization_request: entering (issuer=<issuer>, redirect_uri=<redirect_uri>, original_url=<original_url>, state=<state>, nonce=<nonce>)
So protocol/host/port of redirect_uri
must match that of original_url
. I'll add a check that prints out a warning if they don't match, but let me know if this is the cause of your problem.
Yes, redirect_uri and original_url are the same :
[Thu Jun 05 07:26:50.646194 2014] [:debug] [pid 8781] src/proto.c(120): [client 176.183.84.57:51466] oidc_proto_authorization_request: entering (issuer=accounts.google.com, redirect_uri=http://ec2-54-217-104-54.eu-west-1.compute.amazonaws.com/exemple/callback/, original_url=http://ec2-54-217-104-54.eu-west-1.compute.amazonaws.com/exemple/, state=XXXXXXXXXXXXXXXXXXXXX, nonce=(null))
there was a bug in the fact that Cookies we're only set with a "Secure" flag, even if on plain HTTP; that if fixed now
nevertheless, in production, one should not run authenticated user sessions over plain HTTP
Thanks, obviously, I will use HTTPS in production.
Can you provide a new deb file ?
Hi,
I have some problems to use your apache module with Google provider.
I am using Ubuntu 14.04 and libapache2-mod-auth-openidc_1.4_amd64.deb
I enabled auth_openidc.load and auth_openidc.conf (withour modification).
I added the following lines in my apache conf :
I have an error 500 and these lines in my error log :
Can you see what happend ?
Thanks, Fred