Replies: 1 comment
This was an error on the Azure App configuration. An optional upn claim was added and misconfigured. All working now after a fresh app was added and kept as simple as possible.
-
Hi All,
Apache/2.4.37 (centos)
mod_auth_openidc release 2.4.11.2
Attempting to get Apache connected to Azure, but appear to be having signature verification and validation issues. Any help/leads greatly appreciated.
The return page:
OpenID Connect Provider error: Error in handling response type.
https://OUR_DOMAIN.COM/oidc/?code=0.AUEAqElvoilbsEeR7b11ZrC4zrz2G436LHJIuI1YReA5lOJBAAA.AgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P-uKDCJ3My7LTDs0B2y4wfi4uEK_UwG53pOFLZ_IqRFTUlMf8WE09dNkAyCFyn-BKUQSGQ7cg_TEjQKTwOIckbafSY4ttvj4T6AcxzBohLU9C10IPZvt-0AFQRMEVKQk3KSPmb0p7-Pb-HxMd3Um8rfzF_l6k8SusQesYD8LTtQkalC5DljJxmD9YJJQ14Zs35-8ubpeQJdSCX1rYqEzKkdXXSa9CN27-cZCfpEh6c6L-U73rEVn2gJI1fTvrE34WIXz3QtBn6i5lvzzdzfjtun8UQaAy7kol5rCbD7HKQqVfOCXdx5RH17xmPHmx2bbRF6Qy2t6NIVF569VSPVsP81UqQbhU_Dvminb0RB_Ub7f1Cf7wakhtNrEsbrc6C45xgbKNB1PyVjtYU9D_MvcDda7oGjJGJNTw5JhkU_Bleo0jYOlZnnJtQdHJbmRpNMztIlsC7DIOpSmkVRrKI9v-0hezjRNjKiXJ06J7f30_tZI5RaAwaQF7lzU5f06GDa20SClydC0r6olXHecmBa_E1sbzmIq3ca9dpSQYwyi3y1kbQfFCjiF0p4pdhDJ20YPPjay-ZLpp8-6TcoFI5wCbnHL9HCrQ9KlBg90Y-CO9cc3BJFB9TPfguBlCp5piglhY0WjsU3AXVzSgQ5iQjFKvx3T7Xg-1I_fQQYFYWtVkdBBxNWohxAJgxdvZebnFphzZy5eX-HaYX8TbYj6GVi3PGWd1XZdOdz9mdmB4pnSbJNJi3hl09baK2M2wNNGimzdFhxLuB9_fLnmxcGTaVOxEpNXjTnp0jZ8iht4KPUc3YgSY_j8ZHozKhELw&state=XzaI-2gvhKcMbdqA_gzHtknhYIw&session_state=c04490a9-25bd-4714-9ffd-8d4ac9fbfe36#
Apache error log:
[Mon Jul 04 15:37:43.896048 2022] [auth_openidc:error] [pid 45800:tid 140520386066176] [client 10.96.173.192:51507] oidc_proto_jwt_verify: JWT signature verification failed: [src/jose.c:993: oidc_jwt_verify]: could not find key with kid: 0CxlQeGEmM6RIMDo72TI_2XcG0E, referer: https://login.microsoftonline.com/
[Mon Jul 04 15:37:43.896129 2022] [auth_openidc:error] [pid 45800:tid 140520386066176] [client 10.96.173.192:51507] oidc_proto_parse_idtoken: id_token signature could not be validated, aborting, referer: https://login.microsoftonline.com/
Apache config:
OIDCProviderMetadataURL https://sts.windows.net/OUR_TENENT/v2.0/.well-known/openid-configuration
OIDCClientID OUR_CLIENT_ID
OIDCClientSecret APP_SECRET
OIDCRedirectURI https://OUR_DOMAIN.COM/oidc/
OIDCRemoteUserClaim upn
OIDCScope "openid profile email"
OIDCCryptoPassphrase A_PASS_PHRASE
OIDCSessionInactivityTimeout 28800
OIDCSessionMaxDuration 28800
OIDCStateMaxNumberOfCookies 10 true
OIDCCookieSameSite Off
OIDCOutgoingProxy http://OUR_PROXY_SERVER:3128
OIDCPassClaimsAs environment
OIDCPassIDTokenAs serialized
OIDCPassRefreshToken On
OIDCStripCookies mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1
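
The error log above shows the module failing to find a key matching the `kid` in the ID token header. The following is an added example, not part of the original post or of mod_auth_openidc, that reproduces that lookup offline: it reads the `kid` from a token header and compares it with the `kid` values in a JWKS document. The function names, token and JWKS are constructed for illustration; only the `kid` value is taken from the log.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWS. No signature check is done."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header

def check_kid(token: str, jwks: dict) -> dict:
    """Compare the token's kid with the kids published in a JWKS document."""
    header = jwt_header(token)
    kid = header.get("kid")
    keys = jwks.get("keys", [])
    # Only keys meant for signatures count; "use" is optional in a JWK.
    candidates = [k for k in keys if k.get("use", "sig") == "sig"]
    match = [k for k in candidates if kid is not None and k.get("kid") == kid]
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "published_kids": [k.get("kid") for k in candidates],
        "found": bool(match),
    }

# Constructed sample data: only the kid value comes from the error log above.
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"typ": "JWT", "alg": "RS256", "kid": "0CxlQeGEmM6RIMDo72TI_2XcG0E"}),
    _b64url_encode({"iss": "https://issuer.example/", "aud": "constructed-client"}),
    "Y29uc3RydWN0ZWQ",  # placeholder signature bytes, never verified here
])
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "constructed-key-1"},
    {"kty": "RSA", "use": "sig", "kid": "constructed-key-2"},
]}

if __name__ == "__main__":
    print(json.dumps(check_kid(SAMPLE_TOKEN, SAMPLE_JWKS), indent=2))
```

Given a real `id_token` and the JSON served at the provider's `jwks_uri`, `check_kid` shows whether the token was signed with a key that the configured metadata does not publish.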