With the OIDCCacheType directive commented out from build-contracts/openidc/000-default.conf, an attempt will be made to validate with keycloak, which is blocked through seded proxy directive:
openidc2_1 | [Thu Nov 23 12:34:02.318653 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/cache/common.c(603): [client 172.19.0.1:33516] oidc_cache_get: cache miss from shm cache backend for key http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/
openidc2_1 | [Thu Nov 23 12:34:02.318666 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/util.c(621): [client 172.19.0.1:33516] oidc_util_http_query_encoded_url: url=http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/
openidc2_1 | [Thu Nov 23 12:34:02.318678 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/util.c(662): [client 172.19.0.1:33516] oidc_util_http_call: url=http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, data=(null), content_type=(null), basic_auth=(null), bearer_token=(null), ssl_validate_server=1, timeout=5, outgoing_proxy=(null), pass_cookies=0, ssl_cert=(null), ssl_key=(null), referer: http://openidc/protected/
openidc2_1 | [Thu Nov 23 12:34:02.323597 2017] [auth_openidc:error] [pid 15:tid 139906291406592] [client 172.19.0.1:33516] oidc_util_http_call: curl_easy_perform() failed on: http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration (Failed to connect to openidc port 2080: Connection refused), referer: http://openidc/protected/
openidc2_1 | [Thu Nov 23 12:34:02.323781 2017] [auth_openidc:error] [pid 15:tid 139906291406592] [client 172.19.0.1:33516] oidc_provider_static_config: could not retrieve metadata from url: http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/
https://github.com/zmartzone/mod_auth_openidc/wiki/Caching#redis is a sensible default for us.
Replaces #3 which failed to validate the setup.
With the
OIDCCacheType
directive commented out from build-contracts/openidc/000-default.conf, an attempt will be made to validate with keycloak, which is blocked throughsed
ed proxy directive:With redis cache, "cache hit":