
I am setting up a legacy web application behind Apache.

I want to enable only authenticated users to access it and we are using Office 365 and we have Azure AD accounts.

We've decided that mod_auth_openidc can be a possible solution, but for some reason it is not working (yet ;))

I am getting the following error from the module on the URL "https://my.nice.server/secure/redirect_uri":

Error:

OpenID Connect Provider error: Error in handling response type.

This is my Apache configuration:

OIDCProviderMetadataURL https://login.microsoftonline.com/common/.well-known/openid-configuration 
OIDCClientID XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
OIDCClientSecret YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
OIDCRedirectURI https://my.nice.server/secure/redirect_uri
OIDCCryptoPassphrase ZZZZZZZZZZZZZZZZZZZZZZZ
OIDCResponseType id_token
OIDCResponseMode form_post

<Location />
    AuthType openid-connect
    Require valid-user
</Location>

I tried to look at the sources of mod_auth_openidc but I couldn't sort it out...

Any ideas?

pmon

1 Answer

Your OIDCProviderMetadataURL should point specifically to your tenant so it should be something like:

https://sts.windows.net/[TENANT_ID]/.well-known/openid-configuration

See also: https://github.com/zmartzone/mod_auth_openidc/wiki/Azure-OAuth-2.0-and-OpenID-Connect

Hans Z.
  • The Tenant ID, which needs to be placed in the URI, can be found as "Directory ID" under the AzureAD/Properties page. A bit confusing... – pmon Dec 14 '17 at 15:02
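As an added illustration (not part of the question, the answer, or mod_auth_openidc's source): why the discovery URL has to name the tenant. An OIDC relying party checks the id_token's iss claim against the issuer advertised in the provider metadata. The document served at the common endpoint advertises a template issuer, https://sts.windows.net/{tenantid}/, which a strict comparison can never match; loosening the comparison to treat the placeholder as a wildcard would instead admit id_tokens from every Azure AD tenant. The tenant IDs, metadata excerpts and token claims below are constructed, and the check is a model of standard OIDC issuer validation, not the module's own implementation.

```python
"""Issuer pinning for an Azure AD relying party.

Models the iss-vs-issuer check an OIDC relying party performs and shows why the
metadata URL must be tenant-specific. Illustrative code, not mod_auth_openidc's.
"""
import json
import re

# Azure AD tenant (Directory) IDs are GUIDs.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)

# Hypothetical tenant IDs used throughout; not real directories.
OUR_TENANT = "11111111-2222-3333-4444-555555555555"
OTHER_TENANT = "99999999-8888-7777-6666-555555555555"


def is_valid_tenant_id(tenant_id: str) -> bool:
    """True only for a GUID; rejects 'common', display names and pasted whitespace."""
    return GUID_RE.match(tenant_id) is not None


def metadata_url(tenant_id: str) -> str:
    """Build the tenant-specific discovery URL for OIDCProviderMetadataURL."""
    if not is_valid_tenant_id(tenant_id):
        raise ValueError(f"tenant ID must be a GUID (the 'Directory ID'), got {tenant_id!r}")
    return f"https://sts.windows.net/{tenant_id}/.well-known/openid-configuration"


# Constructed, abbreviated metadata documents standing in for what the two URLs return:
# the 'common' document carries a template issuer with a literal '{tenantid}' placeholder,
# the tenant document carries that tenant's concrete issuer.
COMMON_METADATA = json.dumps({"issuer": "https://sts.windows.net/{tenantid}/"})
TENANT_METADATA = json.dumps({"issuer": f"https://sts.windows.net/{OUR_TENANT}/"})

# Constructed id_token payloads (signature assumed already verified; only claims shown).
OUR_TOKEN = {"iss": f"https://sts.windows.net/{OUR_TENANT}/", "aud": "XXXXXXXX", "sub": "alice"}
OTHER_TOKEN = {"iss": f"https://sts.windows.net/{OTHER_TENANT}/", "aud": "XXXXXXXX", "sub": "mallory"}


def issuer_accepted(metadata_json: str, claims: dict) -> bool:
    """Strict OIDC check: the token's iss must equal the discovered issuer exactly."""
    issuer = json.loads(metadata_json)["issuer"]
    return claims.get("iss") == issuer


def template_issuer_accepted(metadata_json: str, claims: dict) -> bool:
    """The tempting 'fix' for the common endpoint: treat '{tenantid}' as a wildcard.
    Included only to make the consequence visible: any tenant's tokens now pass."""
    template = json.loads(metadata_json)["issuer"]
    prefix, suffix = template.split("{tenantid}")
    iss = claims.get("iss", "")
    middle = iss[len(prefix):len(iss) - len(suffix)]
    return iss.startswith(prefix) and iss.endswith(suffix) and is_valid_tenant_id(middle)


def outcomes() -> dict:
    """Outcome of each metadata choice against a token from our tenant and a foreign one."""
    return {
        # common + strict: the template issuer never equals a real iss, so every login fails
        "common_strict_ours": issuer_accepted(COMMON_METADATA, OUR_TOKEN),
        # common + wildcard: a foreign tenant's token is admitted
        "common_wildcard_other": template_issuer_accepted(COMMON_METADATA, OTHER_TOKEN),
        # tenant-specific + strict: our users pass, foreign tenants are rejected
        "tenant_strict_ours": issuer_accepted(TENANT_METADATA, OUR_TOKEN),
        "tenant_strict_other": issuer_accepted(TENANT_METADATA, OTHER_TOKEN),
    }


if __name__ == "__main__":
    print("OIDCProviderMetadataURL", metadata_url(OUR_TENANT))
    for name, accepted in outcomes().items():
        print(f"{name}: {accepted}")
```

The value returned by metadata_url is what goes on the OIDCProviderMetadataURL line, with the GUID taken from the "Directory ID" field the comment above points to; the strict comparison is the behaviour you want, since it pins the relying party to that single tenant.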