1

I'm trying to get the mod_auth_openidc apache module running on an ubuntu server. My problem is, apache doesn't recognize the commands of the module although it is enabled (checked with apachectl -M) and crashes with the following message from systemctl:

● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: failed (Result: exit-code) since Mo 2016-09-05 15:43:59 CEST; 1min 8s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4357 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 4383 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]:  * The apache2 configtest failed.
Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]: Output of config test was:
Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]: AH00526: Syntax error on line 182 of /etc/apache2/apache2.conf:
Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]: Invalid command 'OIDCProviderMetadataURL', perhaps misspelled or defined by a module not included in the server configuration
Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]: Action 'configtest' failed.
Sep 05 15:43:59 vbox-ubuntu-shib apache2[4383]: The Apache error log may have more information.
Sep 05 15:43:59 vbox-ubuntu-shib systemd[1]: apache2.service: Control process exited, code=exited status=1
Sep 05 15:43:59 vbox-ubuntu-shib systemd[1]: Failed to start LSB: Apache2 web server.
Sep 05 15:43:59 vbox-ubuntu-shib systemd[1]: apache2.service: Unit entered failed state.
Sep 05 15:43:59 vbox-ubuntu-shib systemd[1]: apache2.service: Failed with result 'exit-code'.

Relevant apache2.conf section:

OIDCProviderMetadataURL testUrl.com
OIDCClientID testId
OIDCClientSecret testSecret

OIDCRedirectURI http://example.de
OIDCCryptoPassphrase testPassword

Alias "/secure-openid" "/var/www/secure"
<Location /secure-openid>
    AuthType openid-connect
    Require valid-user
</Location>

Output of apachectl -M :

Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authopenid_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 mod_shib (shared)
 status_module (shared)

libapache2-mod-auth-openid version: 0.8-1build1

apache2 version: 2.4.18-2ubuntu3.1

I have absolutely no idea where this problem comes from, thanks in advance for your help!

Improve this question

1 Answer 1

Reset to default
1

Your apachectl -M output shows the authopenid_module module but that is the legacy OpenID 2.0 module from https://github.com/bmuller/mod_auth_openid. You need to make sure that auth_openidc_module is loaded instead, which is the OpenID Connect implementation from https://github.com/pingidentity/mod_auth_openidc that you're looking to use.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I have the same problem, but I am using auth_openidc_module. The module seems to be loaded correctly. Could there be other causes for this error?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.