I am setting up a legacy web application behind Apache.
I want to enable only authenticated users to access it and we are using Office 365 and we have Azure AD accounts.
We've decided that mod_auth_openidc can be a possible solution, but for some reason it is not working (yet;))
I am getting the following error from the module on URL "https://my.nice.server/secure/redirect_uri":
Error: OpenID Connect Provider error: Error in handling response type.
This is my Apache configuration:
OIDCProviderMetadataURL https://login.microsoftonline.com/common/.well-known/openid-configuration
OIDCClientID XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
OIDCClientSecret YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
OIDCRedirectURI https://my.nice.server/secure/redirect_uri
OIDCCryptoPassphrase ZZZZZZZZZZZZZZZZZZZZZZZ
OIDCResponseType id_token
OIDCResponseMode form_post
<Location />
    AuthType openid-connect
    Require valid-user
</Location>
I tried to look at the sources of mod_auth_openidc but I couldn't sort it out...
Any ideas?
Your OIDCProviderMetadataURL should point specifically to your tenant, so it should be something like:
https://sts.windows.net/[TENANT_ID]/.well-known/openid-configuration
See also: https://github.com/zmartzone/mod_auth_openidc/wiki/Azure-OAuth-2.0-and-OpenID-Connect
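A pre-flight check that ties the answer back to the directives in the question, as an added example (not code from this thread or from mod_auth_openidc): it parses the OIDC* directives, flags a metadata URL that still points at the "common" endpoint or a provider whose issuer is only a template, and confirms the provider advertises the configured response_type and response_mode. The metadata dicts are constructed to mirror the shape of the Azure AD discovery document; TENANT_ID_PLACEHOLDER stands in for a real tenant id, and a live document can be loaded with json from the discovery URL.

```python
"""Pre-flight check of an OpenID Connect discovery document against the
mod_auth_openidc directives from the question. Added example, not code from
the thread or from the module; sample metadata below is constructed."""
import re

QUESTION_CONF = """
OIDCProviderMetadataURL https://login.microsoftonline.com/common/.well-known/openid-configuration
OIDCResponseType id_token
OIDCResponseMode form_post
"""

# Constructed: the 'common' endpoint advertises a templated issuer, not a tenant.
COMMON_METADATA = {
    "issuer": "https://sts.windows.net/{tenantid}/",
    "response_types_supported": ["code", "id_token", "code id_token", "token id_token", "token"],
    "response_modes_supported": ["query", "fragment", "form_post"],
}
# Constructed: what a tenant-specific document looks like once the URL is fixed.
TENANT_METADATA = dict(COMMON_METADATA, issuer="https://sts.windows.net/TENANT_ID_PLACEHOLDER/")

def parse_directives(conf: str) -> dict:
    """Map each OIDC* directive in an Apache config snippet to its value."""
    return dict(re.findall(r"^\s*(OIDC\w+)\s+(\S+)", conf, re.MULTILINE))

def check_provider(directives: dict, metadata: dict) -> list:
    """Return a list of problems; an empty list means the provider matches the config."""
    problems = []
    if "/common/" in directives.get("OIDCProviderMetadataURL", ""):
        problems.append("OIDCProviderMetadataURL uses the 'common' endpoint; point it at your tenant")
    issuer = metadata.get("issuer", "")
    if "{" in issuer:  # a template like {tenantid} can never equal the issuer of a real id_token
        problems.append(f"issuer is a template, not a tenant: {issuer}")
    rt = directives.get("OIDCResponseType")
    if rt and rt not in metadata.get("response_types_supported", []):
        problems.append(f"response_type {rt!r} is not advertised by the provider")
    rm = directives.get("OIDCResponseMode")
    if rm and rm not in metadata.get("response_modes_supported", []):
        problems.append(f"response_mode {rm!r} is not advertised by the provider")
    return problems

if __name__ == "__main__":
    d = parse_directives(QUESTION_CONF)
    print(check_provider(d, COMMON_METADATA))  # two problems: common URL, templated issuer
    d["OIDCProviderMetadataURL"] = "https://sts.windows.net/TENANT_ID_PLACEHOLDER/.well-known/openid-configuration"
    print(check_provider(d, TENANT_METADATA))  # []
```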