2023-08-08 22:03:04 |
Freerk-Ole Zakfeld |
description |
When using mod_auth_openidc to authenticate against a Keycloak IDP, there needs to be the additional option `OIDCTokenBindingPolicy "disabled"` set. This will prevent mod_auth_openidc from including the field `id_token_token_binding_cnf` which, as of now, is not supported by Keycloak (see https://github.com/keycloak/keycloak/issues/22323 for reference).
Since wsgi-keystone.conf is not merged with custom config, it is not very easy to change this option without creating an entire full config of one's own. |
When using mod_auth_openidc to authenticate against a Keycloak IDP, there needs to be the additional option `OIDCTokenBindingPolicy "disabled"` set. This will prevent mod_auth_openidc from including the field `id_token_token_binding_cnf` which, as of now, is not supported by Keycloak (see https://github.com/keycloak/keycloak/issues/22323#issuecomment-1670311035 for reference).
Since wsgi-keystone.conf is not merged with custom config, it is not very easy to change this option without creating an entire full config of one's own. |
|