multiple apache2 instance on different host

[jshen28]

Hello,

I am trying to deploy mod_auth_openidc for sso. It works fine if I deploy one httpd instance. But if I run multiple apache2 on different hosts, looks like browser keeps redirecting. Would be really appreciated to know how to properly run apache2 if I would like to have more than one instance..

Thank you,
Best,
Norman

My configuration looks like this:

      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/keystone/keystone.error.log

    SetEnv HTTP_OIDC_ISS xxx

    #OIDCCookieSameSite "on"
    OIDCClaimPrefix "OIDC-"
    OIDCClientID openstack
    OIDCClientSecret 2d893e19-c446-4ada-b26c-1912e05469e6
    OIDCCryptoPassphrase "openstack"
    OIDCRedirectURI "http://example.com/v3/auth/OS-FEDERATION/websso/openid/redirect"
    OIDCRedirectURI "http://example.com/v3/auth/OS-FEDERATION/identity_providers/vanity/protocols/openid/websso"
    OIDCProviderMetadataURL "https://example.com/auth/realms/picp/.well-known/openid-configuration"
    OIDCResponseType "id_token"
    OIDCScope "openid email"
    OIDCSSLValidateServer "Off"
    OIDCOAuthSSLValidateServer "Off"
    OIDCOAuthVerifyJwksUri "https://example.com/auth/realms/picp/protocol/openid-connect/certs"
    OIDCIDTokenIatSlack "3600"
    OIDCProviderIssuer "https://example.com/auth/realms/picp"
    OIDCProviderAuthorizationEndpoint "https://example.com/auth/realms/picp/protocol/openid-connect/auth"
    OIDCProviderTokenEndpointAuth "client_secret_basic"

    <LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/openid/auth>
      AuthType oauth20
      Require valid-user
    </LocationMatch>
    <LocationMatch "/v3/auth/OS-FEDERATION/websso/oidc">
      AuthType openid-connect
      Require valid-user
    </LocationMatch>
    <LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/.*?/protocols/openid/websso">
      AuthType openid-connect
      Require valid-user
    </LocationMatch>
    <LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
      AuthType openid-connect
      Require valid-user
    </LocationMatch>
    CustomLog /var/log/keystone/keystone.access.log proxy
</VirtualHost>

[zandbelt]

see https://github.com/zmartzone/mod_auth_openidc/wiki/Caching

[jshen28]

thank you, using cache solves the issue. Besides, how much memory is suggested to reserve for memcache?