Reposoft / openidc-keycloak-test

zmartzone/mod_auth_openidc and keycloak combined - self hosted cloud auth

Use Redis session cache by default #22

Closed solsson closed 6 years ago

solsson commented 6 years ago

https://github.com/zmartzone/mod_auth_openidc/wiki/Caching#redis is a sensible default for us.

Replaces #3 which failed to validate the setup.

With the OIDCCacheType directive commented out from build-contracts/openidc/000-default.conf, an attempt will be made to validate with Keycloak, which is blocked through a seded proxy directive:

openidc2_1        | [Thu Nov 23 12:34:02.318653 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/cache/common.c(603): [client 172.19.0.1:33516] oidc_cache_get: cache miss from shm cache backend for key http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/
openidc2_1        | [Thu Nov 23 12:34:02.318666 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/util.c(621): [client 172.19.0.1:33516] oidc_util_http_query_encoded_url: url=http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/
openidc2_1        | [Thu Nov 23 12:34:02.318678 2017] [auth_openidc:debug] [pid 15:tid 139906291406592] src/util.c(662): [client 172.19.0.1:33516] oidc_util_http_call: url=http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, data=(null), content_type=(null), basic_auth=(null), bearer_token=(null), ssl_validate_server=1, timeout=5, outgoing_proxy=(null), pass_cookies=0, ssl_cert=(null), ssl_key=(null), referer: http://openidc/protected/
openidc2_1        | [Thu Nov 23 12:34:02.323597 2017] [auth_openidc:error] [pid 15:tid 139906291406592] [client 172.19.0.1:33516] oidc_util_http_call: curl_easy_perform() failed on: http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration (Failed to connect to openidc port 2080: Connection refused), referer: http://openidc/protected/
openidc2_1        | [Thu Nov 23 12:34:02.323781 2017] [auth_openidc:error] [pid 15:tid 139906291406592] [client 172.19.0.1:33516] oidc_provider_static_config: could not retrieve metadata from url: http://openidc:2080/auth/realms/Testrealm/.well-known/openid-configuration, referer: http://openidc/protected/

With redis cache, "cache hit":

openidc2_1        | [Thu Nov 23 12:38:49.990204 2017] [auth_openidc:debug] [pid 23:tid 140370469910272] src/util.c(2192): [client 172.19.0.1:33572] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_session=be00c911-5a29-4683-a3f4-cb7bf48c49f4, referer: http://openidc:2080/protected/
openidc2_1        | [Thu Nov 23 12:38:49.990211 2017] [auth_openidc:debug] [pid 23:tid 140370469910272] src/util.c(1002): [client 172.19.0.1:33572] oidc_util_get_cookie: returning "mod_auth_openidc_session" = "be00c911-5a29-4683-a3f4-cb7bf48c49f4", referer: http://openidc:2080/protected/
openidc2_1        | [Thu Nov 23 12:38:49.990219 2017] [auth_openidc:debug] [pid 23:tid 140370469910272] src/cache/common.c(567): [client 172.19.0.1:33572] oidc_cache_get: enter: be00c911-5a29-4683-a3f4-cb7bf48c49f4 (section=s, decrypt=1, type=redis), referer: http://openidc:2080/protected/
openidc2_1        | [Thu Nov 23 12:38:49.990529 2017] [auth_openidc:debug] [pid 23:tid 140370469910272] src/cache/common.c(601): [client 172.19.0.1:33572] oidc_cache_get: cache hit: return 4714 bytes from redis cache backend for encrypted key n1UyAqAwnI0NBb1re4O_oSwx2A_qa86hl_Bas9BpKBo, referer: http://openidc:2080/protected/
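
A check for the log comparison above, added here as an example and not part of the pull request or the project's code: it tallies `oidc_cache_get` outcomes per backend from mod_auth_openidc debug lines and reports any lookup not served by the expected backend. The function names, the `decrypt=0` check and the sample lines are assumptions made for illustration; the message formats follow the log excerpts above.

```python
import re
from collections import Counter

# Outcome messages as they appear in the debug log above:
#   "cache miss from shm cache backend for key ..."
#   "cache hit: return 4714 bytes from redis cache backend for encrypted key ..."
OUTCOME = re.compile(
    r"oidc_cache_get: cache (?P<result>hit|miss)(?:: return \d+ bytes)?"
    r" from (?P<backend>\w+) cache backend")
# Lookup entry line: "enter: <key> (section=s, decrypt=1, type=redis)"
ENTER = re.compile(
    r"oidc_cache_get: enter: \S+ \(section=(?P<section>\w+), "
    r"decrypt=(?P<decrypt>\d), type=(?P<type>\w+)\)")

def summarize(lines):
    """Count hit/miss per backend; collect (type, decrypt) of section=s lookups."""
    outcomes, session_lookups = Counter(), []
    for line in lines:
        m = OUTCOME.search(line)
        if m:
            outcomes[(m["backend"], m["result"])] += 1
        m = ENTER.search(line)
        # section=s is the section logged for the session-cookie lookup above
        if m and m["section"] == "s":
            session_lookups.append((m["type"], m["decrypt"] == "1"))
    return outcomes, session_lookups

def check_backend(lines, expected="redis"):
    """Return a list of problems; an empty list means the log matches `expected`."""
    outcomes, session_lookups = summarize(lines)
    if not outcomes:
        return ["no oidc_cache_get outcome lines found"]
    problems = [f"{n} cache {r} result(s) from {b} backend, expected {expected}"
                for (b, r), n in sorted(outcomes.items()) if b != expected]
    problems += [f"session lookup uses type={t}, expected {expected}"
                 for t, _ in session_lookups if t != expected]
    # Added check (an assumption of this example): flag unencrypted session lookups
    problems += [f"session lookup on {t} with decrypt=0"
                 for t, dec in session_lookups if not dec]
    return problems

# Constructed sample lines in the format of the excerpts above (placeholder values).
SAMPLE_SHM = [
    "[auth_openidc:debug] src/cache/common.c(603): oidc_cache_get: cache miss "
    "from shm cache backend for key http://idp.example/metadata"]
SAMPLE_REDIS = [
    "[auth_openidc:debug] src/cache/common.c(567): oidc_cache_get: enter: "
    "00000000-0000-0000-0000-000000000000 (section=s, decrypt=1, type=redis)",
    "[auth_openidc:debug] src/cache/common.c(601): oidc_cache_get: cache hit: "
    "return 4714 bytes from redis cache backend for encrypted key PLACEHOLDER"]
```

Feed it the container's log lines, for example `check_backend(open("openidc.log"))` with a hypothetical file name; an empty list means every logged lookup went to Redis.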