Keycloak behind apache2 auth_openidc module

Hello, is there maybe somebody already have expirience with apache2 openidc mod?
I really spend a lot of time to realize that, how to make it work.

There is Kibana, I would really like to implement full authentication with apache2 and keycloak for kibana, this is my first time with keycloak and some experience with apache2…

I want to implement SSO authentication for the Kibana community version (for a paid subscription of kibana, everything is implemented quite easily, but there is only pain for community version of kibana) after spending many days for researching, I still could not find an article that was understandable to me with a workable way to configure SSO for Kibana using keylock and apache2.

Perhaps there are people here who are already had experience with that, and ready to help me or direct me on the right path?
Thank you.

I may not have understood your question – were you looking for instructions such as these: Apache OpenID Connect example

Hello melancholia thank you very much for your answer.

for the couple of weeks I have been puzzling over the implementation of the sso for kibana with the keycloack and apache, all the time I get random errors, but I can’t get on the right path… there is an ubuntu virtual machine with keycloak on port 8080 kibana on port 5601 and apache with the mod

my goal is to set up a simple POC setup for virtual machine so that I can only access kibana after logging into keycloak, I don’t have enough experience with apache, and with keyсlock I didn’t have any experience at all… want to implement access to kibana only after authorization in keyсlock, but since I’m new to apache, it seems to me that the solution is very close (or not)…

Apache2 config:

LoadModule auth_openidc_module modules/
Listen 5602

<VirtualHost *:5602>
    ServerAdmin webmaster@localhost
    OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
    OIDCClientID demo1
    OIDCClientSecret mhqmlS103ZmscEeMNZstP1pLP8WHrQM3
    OIDCSSLValidateServer On

    <Location /app>
       AuthType openid-connect
       Require valid-user
       LogLevel debug

<VirtualHost *:80>

    ProxyPreserveHost On
    ProxyPass / http://localhost:5601/
    ProxyPassReverse / http://localhost:5601/


Keycloak client config:

Root URL
Home URL
Valid redirect URIs

If anyone is interested, I managed to get a more or less workable POC single-sign-in for Kibana using Apache 2 and Keycloack…

Listen 5601

apache2 virtualhost
<VirtualHost *:5601>
    OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
    OIDCProviderMetadataURL http://(HOST):8080/realms/master/.well-known/openid-configuration
    OIDCClientID OIDCClientID
    OIDCClientSecret OIDCClientSecret
    OIDCRedirectURI http://(HOST)/kibana
    OIDCSSLValidateServer Off
    <Location />
       AuthType openid-connect
       Require valid-user
       ProxyPass http://localhost:5600/
       ProxyPassReverse http://localhost:5600/
       ProxyPreserveHost On
       LogLevel debug


server.port: 5600
server.basePath: "/kibana"
server.rewriteBasePath: true
server.publicBaseUrl: "http://localhost:5600/kibana" "HOST_IP"