Replies: 2 comments 4 replies
-
|
Hey Mads! :-) |
Beta Was this translation helpful? Give feedback.
-
|
Hi Hans - thanks for your prompt answer :) I am actually using OIDCProviderJwksUri - writing OIDCOAuthVerifyJwksUri was a copy-paste error. I am trying to do a SAML like set up i.e. not base the trust on TLS, but that seems impossible? Not even embedding the key in metadata is allowed - jwks_uri has to be a https url. |
Beta Was this translation helpful? Give feedback.
-
|
that is the default setup indeed; embedding the key is not possible, but you could a) host the key (as JWKs) on the same Apache server, assuming it has a valid TLS cert and you do not see that as problematic, or b) host the key (as JWKs) on a HTTPs server that has a locally issued certificate configured and configure |
Beta Was this translation helpful? Give feedback.
-
|
Thanks again - I will see if I can manage a PR ... |
Beta Was this translation helpful? Give feedback.
-
|
@madsfreek please try this branch |
Beta Was this translation helpful? Give feedback.
-
|
now published as part of release 2.4.12.3, see: https://github.com/zmartzone/mod_auth_openidc/releases/tag/2.4.12.3 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Hans
I'm trying to use a statically configured key (OIDCOAuthVerifyCertFiles - i.e. a PEM encoded certificate) to validate the signature on an id_token.
The debug output is:
If I configure the same key - in jwks format - using OIDCOAuthVerifyJwksUri it works fine :)
Is that a feature or a bug?
-Mads
Beta Was this translation helpful? Give feedback.
All reactions