Hello Niels,

I think you're right here - apachectl -L says:

    OIDCCryptoPassphrase (mod_auth_openidc.c)
    Passphrase used for AES crypto on cookies and state.
    Allowed in *.conf only outside <Directory>, <Files>, <Location>, or <If>

I did not read the docs properly. So this OIDCCryptoPassphrase is only used by Apache mod_oidc & mod_balancer & not by keycloak if I understand you correctly.

So I could simply change:

    OIDCCryptoPassphrase currently-not-supported-by-keycloak

to

    OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer

... to make it more clear that this secret should really be a secret and is not used by Keycloak, right?

Cheers,
Thomas

2016-06-03 16:34 GMT+02:00 Niels Bertram <nielsbne@gmail.com>:

Hi Thomas,

just a comment on your example project, the Apache directive OIDCCryptoPassphrase is (AFAIK) used by the apache module to en/decrypt the state parameter that is sent with the redirect params to the OP. This is a mandatory setting and you will have to make sure it's random and secured (otherwise someone can steal your users' session). If you run the apache behind a load balancer, this value needs to be the same on all nodes, else the module will return invalid state errors.

Cheers,
Niels

On Fri, Jun 3, 2016 at 7:30 AM, Thomas Darimont <thomas.darimont@googlemail.com> wrote:

Hello group,

Just wanted to let you know that I built a small example [0] that demonstrates the usage of Keycloak with mod_auth_oidc [1] with Docker + Apache + PHP.

Works like a charm :)

Cheers,
Thomas

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
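
Added example, not part of the thread or of the example project: shell helpers that generate a random OIDCCryptoPassphrase, flag the readable placeholder values quoted above, and check that every load-balanced node carries the same value. The function names, the 32-character minimum and the node*.conf file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The 32-character minimum is an assumption.

# Value of the last uncommented OIDCCryptoPassphrase line in an Apache config file.
oidc_passphrase() {
    awk 'tolower($1) == "oidccryptopassphrase" { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
         END { gsub(/^"|"$/, "", v); print v }' "$1"
}

# "missing", "weak" (readable placeholder from the thread, or too short), or "ok".
classify_passphrase() {
    case "$1" in
        "") echo missing ;;
        currently-not-supported-by-keycloak|a-random-secret-used-by-apache-oidc-and-balancer)
            echo weak ;;
        *) if [ "${#1}" -lt 32 ]; then echo weak; else echo ok; fi ;;
    esac
}

# 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
new_passphrase() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# SHA-256 fingerprint, so nodes can be compared without copying the secret around.
# Only share it once the value is random; a guessable value can be recovered from it.
passphrase_fingerprint() {
    oidc_passphrase "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds only if every listed config file carries the same passphrase.
same_on_all_nodes() {
    first=$(passphrase_fingerprint "$1"); shift
    for conf in "$@"; do
        [ "$(passphrase_fingerprint "$conf")" = "$first" ] || return 1
    done
}

# Constructed sample: two node configs sharing one fresh secret, one left on the placeholder.
make_sample_confs() {
    secret=$(new_passphrase)
    printf 'OIDCCryptoPassphrase %s\n' "$secret" > "$1/node1.conf"
    printf '# OIDCCryptoPassphrase old\nOIDCCryptoPassphrase %s\n' "$secret" > "$1/node2.conf"
    printf 'OIDCCryptoPassphrase currently-not-supported-by-keycloak\n' > "$1/node3.conf"
}
```

Keep the config file that holds the real value readable only by the account that starts Apache.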