Reputation: 141
Apache interacting with Tomcat through mod_auth_openidc
I need to connect an Apache webserver on port 8079 with a Tomcat instance on port 8080 through mod_auth_openidc module (for a specific login). The purpose is to carry on the user identification through OpenID Connect to the webapp hosted on Tomcat with no need of further login request.
I configure OIDC according the OIDC server request (e.g. Google) and registered the client, I also enabled mod_jk. I'm not able to reach last mile. I also considered to use the PROXY/REVERSEPROXY within the virtualhost section on http.config apache file. So far this is not correcting redirecting as supposed..
Can someone provide help?
Upvotes: 1
Views: 1484
Answers (2)
Reputation: 627
The solution you own provided isn't enough when the backend needs to have access to user information for authorization or data isolation.
I found a more complete way to archive it.
<Location "/tomcat">
AuthType openid-connect
Require valid-user
RequestHeader set Authorization "Bearer %{OIDC_access_token}e"
ProxyPass "http://tomcat:8080"
ProxyPassReverse "http://tomcat:8080"
</Location>
Upvotes: 0
Reputation: 54118
You can use the following configuration to proxy a path protected by mod_auth_openidc to a backend server like Tomcat:
<Location "/">
AuthType openid-connect
Require valid-user
ProxyPass http://tomcat:8080/
ProxyPassReverse http://localhost:8080/
</Location>
Upvotes: 0
Related Questions
- Unable to integrate Tomcat with Apache HTTP Server
- authentication for custom web application with mod_auth_openidc
- Redirect Loop while using Apache mod auth openidc module
- mod_auth_openidc with Apache2.4 reverse proxy
- Tomcat 8.5 digested authentication
- Apache doesn't recognize mod_auth_openidc commands
- java tomcat: how to use JOAuth properly
- Integration between Apache and Tomcat - mod_jk
- Emulate and/or Enable Single Sign On in Tomcat using AJP
- Mutual Authentication on Tomcat 7 and request.getUserPrincipal()