By: Adrian Drummond user 12 Oct 2015 at 2:52 p.m. CDT

7 Responses
Hello, I have never configured an Apache module before and I am not familiar with what each of the installation directives is for. Here is the suggested dynamic.conf file (below). What is the "ServerName" entry for? I read up on this and it isn't clear. The first entry for virtual host is described as making the module listen to that port, but does it make the server listen on that port? Also, what is the "OIDCRedirectURI" entry for? I would ask about all of the entries but I don't want to be too needy. I am not sure about most of them for the sake of setting up the GLUU client.

```apache
<VirtualHost *:44443>
    ServerName dynamic.gluu.org
    DocumentRoot /var/www/html
    OIDCMetadataDir /var/www/html/metadata
    OIDCClientSecret secret
    OIDCRedirectURI https://dynamic.gluu.org:44443/dynamic/fake_redirect_uri
    OIDCCryptoPassphrase secret
    OIDCSSLValidateServer Off
    <Location /dynamic/>
        AuthType openid-connect
        Require valid-user
    </Location>
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
```

By Michael Schwartz Account Admin 12 Oct 2015 at 3:12 p.m. CDT

Adrian, there are specific instructions [here](http://www.gluu.org/docs/articles/mod-auth-oidc) for CentOS and Ubuntu. Did you follow these? It's a good way to get started. Once you have dynamic config working, you should switch to non-dynamic. I don't like the way mod_auth_oidc handles discovery--it would confuse users.

By Aliaksandr Samuseu staff 12 Oct 2015 at 8:06 p.m. CDT

Hi, Adrian

ServerName is mostly used for two purposes:

1) To select the correct virtual host in case Apache is configured with several name-based virtual hosts listening on the same ip:port
2) To construct redirection URLs (actually, it's optional and this behaviour is controlled by several other options)

You really should consult Apache's docs [here](http://httpd.apache.org/docs/2.4/), they are very well-written. Just search for any unknown directive you find in .conf files using the search function there.

> what is the "OIDCRedirectURI" entry for?

For a complete list and description of all mod_oidc's options please consult this [doc](https://github.com/pingidentity/mod_auth_openidc/blob/master/auth_openidc.conf). To answer your question:

> # The redirect_uri for this OpenID Connect client; this is a vanity URL
> # that must ONLY point to a path on your server protected by this module
> # but it must NOT point to any actual content that needs to be served.

So this is a fictional URL leading to some page on the site which is protected by `mod_oidc` (it must NOT point to any real resource, but at the same time it MUST lead to the namespace which is governed by `mod_oidc`); it's some sort of trigger: upon following it an OpenID Connect session should be started and you should get redirected to your IdP for authentication (if all other settings are correct).

Btw, if you try to set it up under CentOS 7 for any reason, be advised that it's very likely that it will get partially blocked by SELinux (which is enabled by default there), and you will need to either disable it, or change policies manually for certain files `mod_oidc` needs to read/modify.

Regards, Alex.
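The rules quoted above (the redirect URI must sit under a path protected by the module, must not resolve to real content, and should agree with ServerName and the VirtualHost port) can be turned into a small configuration check. This is an added example, not code from Gluu or mod_auth_openidc; the sample config is constructed to resemble the dynamic.conf in the question, the parser only understands the handful of directives the check needs, and the `path_exists` hook is an assumption that lets the DocumentRoot test run without a real filesystem.

```python
import os, re
from urllib.parse import urlparse

# Constructed sample, shaped like the dynamic.conf in the question (not the page's file verbatim).
SAMPLE_CONF = """
<VirtualHost *:44443>
  ServerName dynamic.gluu.org
  DocumentRoot /var/www/html
  OIDCRedirectURI https://dynamic.gluu.org:44443/dynamic/fake_redirect_uri
  OIDCSSLValidateServer Off
  <Location /dynamic/>
    AuthType openid-connect
  </Location>
</VirtualHost>
"""

def parse_conf(text):
    """Minimal parser: VirtualHost port, top-level directives, and each <Location>'s directives."""
    conf, cur = {"locations": {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"<VirtualHost\s+[^:>]*:(\d+)>", line):
            conf["port"] = m.group(1)
        elif m := re.match(r"<Location\s+(\S+)>", line):
            cur = conf["locations"].setdefault(m.group(1), {})
        elif line == "</Location>":
            cur = None
        elif not line.startswith("<"):          # skip other container tags
            key, _, val = line.partition(" ")
            (conf if cur is None else cur)[key] = val.strip()
    return conf

def check_redirect_uri(conf, path_exists=os.path.exists):
    """Return findings about OIDCRedirectURI; an empty list means it looks consistent."""
    findings, uri = [], urlparse(conf.get("OIDCRedirectURI", ""))
    if uri.scheme != "https":
        findings.append("redirect URI is not https")
    if uri.hostname != conf.get("ServerName"):
        findings.append("redirect URI host differs from ServerName")
    if str(uri.port or 443) != conf.get("port"):
        findings.append("redirect URI port differs from VirtualHost port")
    if not any(uri.path.startswith(p) for p, d in conf["locations"].items()
               if d.get("AuthType") == "openid-connect"):
        findings.append("redirect URI path is not under a Location with AuthType openid-connect")
    if path_exists(os.path.join(conf.get("DocumentRoot", "/"), uri.path.lstrip("/"))):
        findings.append("redirect URI resolves to real content under DocumentRoot")
    if conf.get("OIDCSSLValidateServer", "On").lower() == "off":
        findings.append("OIDCSSLValidateServer Off skips TLS verification of the provider")
    return findings
```

Run against the sample, the only finding is the disabled server certificate validation, which is worth re-enabling once the test setup works.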

By Adrian Drummond user 12 Oct 2015 at 10:18 p.m. CDT

Hi Michael,

I am using the GLUU instructions, but I am using the instructions posted on this page: http://www.gluu.org/docs/reference/mod_auth_oidc/centos-installation/

Not the ones on this page (the ones you mentioned): http://www.gluu.org/docs/articles/mod-auth-oidc/

The instructions look the same, but I'm not sure if one is better than the other. I am not completely sure if I should be setting up the client website on the container's Apache webserver or the Apache webserver running outside of the container.

Thanks, Adrian

By Aliaksandr Samuseu staff 12 Oct 2015 at 11:15 p.m. CDT

> I am not completely sure if I should be setting up the client website on the container's apache webserver or the apache webserver running outside of the container.

If you would like advice, it should be neither of these, especially when you aren't proficient enough with Apache and mod_oidc. If you are setting it up in some VM on your local machine, it would be easier to create another one just for the sake of hosting the test site, protected with mod_oidc.

By Michael Schwartz Account Admin 12 Oct 2015 at 11:28 p.m. CDT

You can either use the Apache folder to deploy your app, or proxy from the container. The app should look for the id_token, and if it is not present, the person did not authenticate.

By Adrian Drummond user 13 Oct 2015 at 3:35 a.m. CDT

Thanks guys, I'm going to try this one last time on the same server and then set up on a separate server to test it that way as well. I'm hoping I won't have problems with DNS from the new server running the client. I'm not sure what to enter for the server name, but I'll try a couple of options when I get to that point. I don't have a nice short DNS entry for my GLUU server, but I'll try a few things and work with what I can come up with.

Adrian

By Adrian Drummond user 13 Oct 2015 at 4:47 a.m. CDT

In reply to "Aliaksandr Samuseu"

Hi Aliaksandr, thanks for the explanations above. I looked at this [page](http://httpd.apache.org/docs/2.4/vhosts/name-based.html) on the Apache website previously, but it was not completely clear until I talked with a friend who explained the default options, and I also realized that Tomcat holds the server site and Apache is only acting as a proxy for the requests. I will look at this [page](https://github.com/pingidentity/mod_auth_openidc) for help with the module. It's good to know the specifics of OIDC so I can configure more options later. Your explanation of the "OIDCRedirectURI" was great. Thank you. This helps explain a few things. :-)