Wrong Http Status code while doing stepup Authentication. #920
-
Hallo @zandbelt , I implementing the mod_auth_openidc by reading your documents. I am facing issue while doing stepup authentication for our higher login scenario. The issue that we get is the http status code 200 and location instead of 302 and location in our network calls while doing higherlogin stepup.Here is my OIDC configuration. OIDCProviderMetadataURL https://login-ciam-e2e2.whatsappsim.de/signin/oauth2/realms/root/realms/whatsappsim/.well-known/openid-configuration <Location /apps2mce/services/oidc>
<If "%{REQUEST_URI} = '^/apps2mce/services/oidc'">
RewriteCond %{QUERY_STRING} !stackInfo=In_Migration
<Location /apps2mce/services/oidc/higherlogin>
Oidc logs..... I have also attached the image of higher login netwrok calls in chrome browser. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
Step-up for Apache 2.4 does not work with a redirect as Apache does not allow a redirect that late in the process. Instead a HTML page is served that will have a meta refresh tag that redirects the browser for authorization and that page will indeed be served with a status code 200. |
Beta Was this translation helpful? Give feedback.
-
Thanks @zandbelt for your response. |
Beta Was this translation helpful? Give feedback.
Step-up for Apache 2.4 does not work with a redirect as Apache does not allow a redirect that late in the process. Instead a HTML page is served that will have a meta refresh tag that redirects the browser for authorization and that page will indeed be served with a status code 200.