mod_auth_openidc module dynamic authentication parameter

By: Sakit Atakishiyev user 20 Oct 2017 at 10:14 p.m. CDT

6 Responses
Sakit Atakishiyev gravatar
Hi everyone. I want to integrate `mod_auth_openidc` RP. I read this [doc](https://gluu.org/docs/ce/3.1.0/integration/sswebapps/openidc-rp/) and did everything. Now everything works normally. My question is how can I pass dynamically `acr_values` and `ui_locales` to my `OP` when `apache` server generate `authorization` url? I checked the `mod_auth_openidc` documenation they [explain](https://gluu.org/docs/ce/3.1.0/integration/sswebapps/openidc-rp/) how do this. But none of them worked for me. I could not pass these parameters automatically. Is there any othe way for doing this?
Ubuntu 16.04
closed

Answers

By Aliaksandr Samuseu staff 21 Oct 2017 at 8:37 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Sakit. Not quite sure what was meant by "pass dynamically", but if your basic setup done according to the docs works, it seems more like task of configuring `mod_auth_openidc` to me, so you should perhaps seek for answers in its docs/user community, as it's not directly related to Gluu. I would check [this page](https://github.com/pingidentity/mod_auth_openidc/blob/master/auth_openidc.conf), for one. May be `OIDCAuthRequestParams` will provide what you needs.

By Sakit Atakishiyev user 21 Oct 2017 at 8:48 a.m. CDT

Copy
Sakit Atakishiyev gravatar
Hi Aliaksandr. I read the `mod_auth_openidc` user documentation. And I used `OIDCAuthRequestParams`. But this parameter is static as you read from documenation. I have 3 login mechanism. My user choose one of them. But because of `OIDCAuthRequestParams` is defined staticaly I could not change `acr_values`

By Aliaksandr Samuseu staff 21 Oct 2017 at 9:07 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
I haven't tried this approach, so can't suggest anything specific. May be somebody else on the team will know answer by chance. That really seems to me like question which belongs to `mod_auth_openidc` communities, you should be more lucky there. Please note that you also have an option to employ our own [paid] [oxd-server package](https://gluu.org/docs/oxd/3.0.1/), it will [allow you to do what you need](https://gluu.org/docs/oxd/3.0.1/protocol/#get-authorization-url) and this is solution we can provide support for.

By Sakit Atakishiyev user 21 Oct 2017 at 9:13 a.m. CDT

Copy
Sakit Atakishiyev gravatar
I know Aliaksandr and asked `mod_auth_openidc` communities already. We used `oxd-server` also. We also write our own tool like `oxd-server`. I read your documentation and see `mod_auth_openidc` the first time and try to implement. I did everything except this.

By Aliaksandr Samuseu staff 21 Oct 2017 at 9:17 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
If you think oxd-server may be used in this setup instead of `mod_auth_openidc`, may I suggest to take this route instead? We'll be able to offer you support in that case. Do you mean that you couldn't solve this your problem with oxd? Could you explain how it failed to solve it so we could perhaps suggest a solution?

By Sakit Atakishiyev user 21 Oct 2017 at 10:39 a.m. CDT

Copy
Sakit Atakishiyev gravatar
Aliaksandr I just testing `mod_auth_openidc`. I mean we have not any problem :).

Post an answer