Change default header prefix from "OIDC_CLAIM_" to "Oidc-Claim-" #707

Closed
chrisinmtown opened this issue Oct 13, 2021 · 3 comments

Comments

@chrisinmtown

chrisinmtown commented Oct 13, 2021

Please consider this improvement request to use a different default prefix on headers set by mod-auth-openidc.

I understand that Apache HTTPD as of version 2.4 silently drops headers with underscore characters. The default prefix used by mod-auth-openidc is "OIDC_CLAIM_". With this default, requests proxied to another app arrive with no OIDC claim headers. The workaround is to change the prefix using a config line, for example OIDCClaimPrefix Oidc-Claim-, then the proxied requests have the expected claims in headers.

Also FWIW, Apache HTTPD 2.4 coerces header names to initial cap, rest lower case. I tried OIDC-CLAIM, oIDC-cLAIM- and other variations, but every single one arrives as Oidc-Claim-. For example, with the prefix mentioned above in place, the user claim arrives as Oidc-Claim-Sub.

Thanks.

@zandbelt
Member

This dropping is not about headers but about environment variables, specifically in CGI environments, so I don't think it justifies changing the default, which in the majority of cases is headers, not environment variables.

@chrisinmtown
Author

chrisinmtown commented Oct 13, 2021

Thanks for prompt attention to this, but I am baffled at your mention of CGI environments. I'm using ProxyPass and ProxyPassReverse configuration options to pass REST requests on to a running python app, not having Apache httpd launch a Perl or PHP script to process a request. And I'm not asking to change mod-auth-openidc on environment variables, only on HTTP request headers.

But hey, the note when I opened this issue said "all issues will be closed" and by gosh, it sure was.

@candlerb

candlerb commented May 7, 2024

FYI there is now a setting OIDCClaimPrefix, so you can set for example

    OIDCClaimPrefix OIDC-Claim-

Of course, that doesn't help you if the claim you're interested in also contains an underscore, like

    OIDC-Claim-preferred_username: ...

Aside: gunicorn 22.0 recently decided to drop headers containing underscore by default, which causes problems if Apache+mod_auth_openidc is in front, although there is a setting to override this behaviour (header_map = 'dangerous')

Ref: netbox-community/netbox#15811
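
Added example, not from the thread and not mod_auth_openidc or gunicorn code: a simplified Python model of the CGI/WSGI header-name mapping, showing why the `OIDC-Claim-` prefix still loses `preferred_username` when a backend drops underscore names, and why hyphen and underscore names are ambiguous once mapped. The function names, the two-policy handling and the sample headers are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not gunicorn or Apache source code) of how a
# CGI/WSGI-style backend turns request header names into environ keys.

def environ_key(header_name):
    """CGI/WSGI convention: upper-case the name, '-' becomes '_', prefix HTTP_."""
    return "HTTP_" + header_name.upper().replace("-", "_")

def backend_environ(headers, policy="drop"):
    """Build the environ a backend app would see.

    policy="drop": headers whose name contains '_' are discarded (the default
    behaviour described above for gunicorn 22.0).
    policy="dangerous": underscore names are mapped like any other header.
    Returns (environ, dropped_header_names).
    """
    environ, dropped = {}, []
    for name, value in headers:
        if "_" in name and policy == "drop":
            dropped.append(name)
            continue
        environ[environ_key(name)] = value  # in this model the last writer wins
    return environ, dropped

def colliding_names(headers):
    """Group header names that map to the same environ key."""
    groups = {}
    for name, _ in headers:
        groups.setdefault(environ_key(name), []).append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}

# Constructed sample request: claim headers as set with
# "OIDCClaimPrefix OIDC-Claim-", plus one header whose name differs from the
# first only in '_' versus '-'.
SAMPLE = [
    ("OIDC-Claim-sub", "alice"),
    ("OIDC-Claim-preferred_username", "alice"),
    ("OIDC_Claim_sub", "constructed-conflicting-value"),
]

if __name__ == "__main__":
    for policy in ("drop", "dangerous"):
        env, dropped = backend_environ(SAMPLE, policy)
        print(policy, sorted(env), "dropped:", dropped)
    print("collisions:", colliding_names(SAMPLE))
```

Under the drop policy only the `sub` claim reaches the application; under the permissive policy both spellings of the `sub` header land on the same environ key, which is the ambiguity the drop default avoids.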
