Support for Require claim directive #1
Comments
|
The current state of things is that you cannot (yet) use any native |
|
Unfortunately that will not work for our use case - we want to do the audience validation in the DMZ, which means it must be done in the web tier. Would you recommend we use mod_auth_openidc at this time? Do you expect to support this type of validation in the future? |
|
I recommend that you use mod_auth_openidc for the time being indeed. I am turning this into a feature request. |
zandbelt
added
enhancement
|
would you be able to test the latest commit? I have added support for Require claim directives... |
Is there an RPM installer available that I can use to install it on a test server of ours? |
|
Any luck with testing? |
Sorry, we had a holiday weekend and I am just getting caught up from that. I should be able to run some tests tomorrow (May 31). |
|
how did it work out? |
|
How do I use these claims? Is it possible to set a specific hd that I want in the jwt? I have tried <Location /secure> |
|
you need |
|
Thank you for the quick reply, is it possible to chain multiple together? I have tried It seems to only take the last item, and the first item is ignored. |
|
By default Apache considers this as a logical OR, in 2.4.x you can use RequireAll to create a logical AND. <RequireAll>
Require oauth2_claim hd:mySite.com
Require oauth2_claim email:me@mySite.com
</RequireAll> |
|
Again, thank you for the quick response! I appreciate the work you have done with this and helping those that don't have the strong understanding of Oauth & Apache that you do. |
We were looking to use mod_auth_openidc as a resource server, but saw the deprecation comments in the sample config referencing this plug-in. We need to validate the audience (aud) field in our access token. Is this supported? I reviewed the sample config file provided, but did not see a way to do this.
The text was updated successfully, but these errors were encountered: