<div dir="ltr">Hi Thomas,<div><br></div><div>just a comment on your example project, the Apache directive <span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre">OIDCCryptoPassphrase</span> is (AFAIK) used by the apache module to en/decrypt the state parameter that is sent with the redirect params to the OP. This is a mandatory settings and you will have to make sure its random and secured (otherwise someone can steal your users session). If you run the apache behind a load balancer, this value needs to be the same on all nodes, else the module will return invalid state errors.</div><div><br></div><div>Cheers,</div><div>Niels</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 3, 2016 at 7:30 AM, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello group,<div><br></div><div>Just wanted to let you know that I build a small example [0] that </div><div>demonstrates the usage of Keycloak with mod_auth_oidc [1] </div><div>with Docker + Apache + PHP.</div><div><br></div><div>Works like a charm :)<br></div><div><br></div><div>Cheers,</div><div>Thomas</div><div><br></div><div>[0] <a href="https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example" target="_blank">https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example</a></div><div>[1] <a href="https://github.com/pingidentity/mod_auth_openidc" target="_blank">https://github.com/pingidentity/mod_auth_openidc</a></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>