Role za apache_openidc bi moral delovati na fresh installu

roles/apache_openidc/tasks/main.yml

@@ -1,13 +1,16 @@
-- name: Install Apache OIDC module
+- name: Enable testing repository
-  apk:
+  lineinfile:
-    name: apache-mod-auth-openidc
+    path: /etc/apk/repositories
-    state: latest
+    line: "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing"
-    update_cache: true
-    repository: http://dl-cdn.alpinelinux.org/alpine/edge/testing
-
 
 - name: Create config file
   template:
     src: mod-auth-openidc.conf
     dest: /etc/apache2/conf.d/mod-auth-openidc.conf
 
+- name: Install Apache OIDC module
+  apk:
+    name: apache-mod-auth-openidc@testing
+    state: latest
+    update_cache: true
+

roles/apache_openidc/templates/mod-auth-openidc.conf

@@ -708,8 +708,8 @@ OIDCStateMaxNumberOfCookies 7 true
 # and the OIDCCacheShmEntrySizeMax value has to be increased.
 # When not specified, a default entry size of 16928 bytes (16384 value + 512 key + 32 overhead) is used.
 #OIDCCacheShmEntrySizeMax <bytes>
-#  (65536 bytes + 512 bytes key + 17 bytes overhead)
+#  (65536 bytes + 512 bytes key + 24 bytes overhead)
-OIDCCacheShmEntrySizeMax 66065
+OIDCCacheShmEntrySizeMax 66072
 
 # When using OIDCCacheType "file":
 # Directory that holds cache files; must be writable for the Apache process/user.
@@ -927,6 +927,7 @@ OIDCRemoteUserClaim upn
 # The access token is passed in OIDC_access_token; the access token expiry is passed in OIDC_access_token_expires.
 # The refresh token is only passed in OIDC_refresh_token if enabled for that specific directory/location (see: OIDCPassRefreshToken)
 #OIDCPassClaimsAs [none|headers|environment|both] [latin1|base64url|none]
+OIDCPassClaimsAs both base64url
 
 # Specify the HTTP header variable name to set with the name of the authenticated user,
 # i.e. copy what is set in REMOTE_USER and configured in OIDCRemoteUserClaim or OIDCOAuthRemoteUserClaim.