[keycloak-user] Using Keycloak with Apache and mod_auth_oidc
Niels Bertram
nielsbne at gmail.com
Fri Jun 3 10:34:55 EDT 2016
Hi Thomas,
just a comment on your example project, the Apache directive
OIDCCryptoPassphrase is (AFAIK) used by the apache module to en/decrypt the
state parameter that is sent with the redirect params to the OP. This is a
mandatory settings and you will have to make sure its random and secured
(otherwise someone can steal your users session). If you run the apache
behind a load balancer, this value needs to be the same on all nodes, else
the module will return invalid state errors.
Cheers,
Niels
On Fri, Jun 3, 2016 at 7:30 AM, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:
> Hello group,
>
> Just wanted to let you know that I build a small example [0] that
> demonstrates the usage of Keycloak with mod_auth_oidc [1]
> with Docker + Apache + PHP.
>
> Works like a charm :)
>
> Cheers,
> Thomas
>
> [0] https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example
> [1] https://github.com/pingidentity/mod_auth_openidc
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160604/f4cc7c9e/attachment.html
More information about the keycloak-user
mailing list