From c64a3772efadd08b312e3fb34f0252ef8205aa8c Mon Sep 17 00:00:00 2001 From: polz Date: Wed, 30 Jul 2025 17:13:19 +0200 Subject: [PATCH] Role za apache_openidc bi moral delovati na fresh installu --- roles/apache_openidc/tasks/main.yml | 17 ++++++++++------- .../templates/mod-auth-openidc.conf | 5 +++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/apache_openidc/tasks/main.yml b/roles/apache_openidc/tasks/main.yml index 90721e5..b49b67b 100644 --- a/roles/apache_openidc/tasks/main.yml +++ b/roles/apache_openidc/tasks/main.yml @@ -1,13 +1,16 @@ -- name: Install Apache OIDC module - apk: - name: apache-mod-auth-openidc - state: latest - update_cache: true - repository: http://dl-cdn.alpinelinux.org/alpine/edge/testing - +- name: Enable testing repository + lineinfile: + path: /etc/apk/repositories + line: "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" - name: Create config file template: src: mod-auth-openidc.conf dest: /etc/apache2/conf.d/mod-auth-openidc.conf +- name: Install Apache OIDC module + apk: + name: apache-mod-auth-openidc@testing + state: latest + update_cache: true + diff --git a/roles/apache_openidc/templates/mod-auth-openidc.conf b/roles/apache_openidc/templates/mod-auth-openidc.conf index 7ebb02f..a68922f 100644 --- a/roles/apache_openidc/templates/mod-auth-openidc.conf +++ b/roles/apache_openidc/templates/mod-auth-openidc.conf @@ -708,8 +708,8 @@ OIDCStateMaxNumberOfCookies 7 true # and the OIDCCacheShmEntrySizeMax value has to be increased. # When not specified, a default entry size of 16928 bytes (16384 value + 512 key + 32 overhead) is used. #OIDCCacheShmEntrySizeMax -# (65536 bytes + 512 bytes key + 17 bytes overhead) -OIDCCacheShmEntrySizeMax 66065 +# (65536 bytes + 512 bytes key + 24 bytes overhead) +OIDCCacheShmEntrySizeMax 66072 # When using OIDCCacheType "file": # Directory that holds cache files; must be writable for the Apache process/user. 
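Review bot: The `lineinfile` task in the tasks/main.yml hunk adds the edge/testing repository over plain `http://`, and the re-ordered install task keeps `state: latest`, so every play run can pull whatever build of the authentication module is currently in edge/testing. apk verifies package and index signatures, but plain HTTP still lets someone on the network path withhold updates or serve a stale index; `line: "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing"` avoids that. For a module that sits in the login path, `state: present` (or an explicit version in `name:`) would make upgrades a deliberate change. Nothing in the visible hunk reloads Apache after the template or package changes; if the role has no handler elsewhere, a `notify:` on both tasks is worth adding.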
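Review bot: The new comment above `OIDCCacheShmEntrySizeMax 66072` gives a per-entry overhead of 24 bytes, while the upstream comment two lines earlier in the same hunk documents 32 bytes of overhead for the default size, and the commit does not say where 24 comes from. The arithmetic is consistent (65536 + 512 + 24 = 66072), but the figure presumably depends on the packaged module version, which this role installs as `latest` from edge/testing, so it may need changing again. I would record the source in the comment, e.g. `# 65536 value + 512 key + 24 overhead; overhead checked against module version <VERSION>, re-check on upgrade`.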
@@ -927,6 +927,7 @@ OIDCRemoteUserClaim upn # The access token is passed in OIDC_access_token; the access token expiry is passed in OIDC_access_token_expires. # The refresh token is only passed in OIDC_refresh_token if enabled for that specific directory/location (see: OIDCPassRefreshToken) #OIDCPassClaimsAs [none|headers|environment|both] [latin1|base64url|none] +OIDCPassClaimsAs both base64url # Specify the HTTP header variable name to set with the name of the authenticated user, # i.e. copy what is set in REMOTE_USER and configured in OIDCRemoteUserClaim or OIDCOAuthRemoteUserClaim.
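Review bot: `OIDCPassClaimsAs both base64url` exposes every claim to the application twice, as request headers and as environment variables, and the comment block just above it says the access token is passed alongside them in `OIDC_access_token`. Header passing is normally only needed when Apache proxies to a separate backend, and in that setup the backend must be reachable only through Apache, because it will trust whatever `OIDC_*` headers it receives. If the applications behind this role run in-process, `OIDCPassClaimsAs environment base64url` is the narrower setting. Consumers now have to base64url-decode the values, which is worth a one-line comment next to the directive.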