Hello, is there maybe somebody who already has experience with the apache2 openidc mod?
I have really spent a lot of time trying to figure out how to make it work.
There is Kibana, and I would really like to implement full authentication with apache2 and Keycloak for Kibana. This is my first time with Keycloak, and I have some experience with apache2…
I want to implement SSO authentication for the Kibana community version (for a paid subscription of Kibana, everything is implemented quite easily, but there is only pain for the community version of Kibana). After spending many days researching, I still could not find an article that was understandable to me with a workable way to configure SSO for Kibana using Keycloak and apache2.
Perhaps there are people here who have already had experience with that and are ready to help me or direct me onto the right path?
Thank you.
I may not have understood your question – were you looking for instructions such as these: Apache OpenID Connect example
Hello melancholia, thank you very much for your answer.
For the past couple of weeks I have been puzzling over the implementation of SSO for Kibana with Keycloak and Apache. All the time I get random errors, but I can't get on the right path… There is an Ubuntu virtual machine with Keycloak on port 8080, Kibana on port 5601, and Apache with the mod_auth_openidc.so mod.
My goal is to set up a simple POC setup on a virtual machine so that I can only access Kibana after logging into Keycloak. I don't have enough experience with Apache, and with Keycloak I didn't have any experience at all… I want to implement access to Kibana only after authorization in Keycloak, but since I'm new to Apache, it seems to me that the solution is very close (or not)…
Apache2 config:
LoadModule auth_openidc_module modules/mod_auth_openidc.so
ServerName 192.168.56.101
Listen 5602
<VirtualHost *:5602>
  ServerAdmin webmaster@localhost
  OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
  OIDCProviderMetadataURL http://192.168.56.101:8080/realms/master/.well-known/openid-configuration
  OIDCClientID demo1
  OIDCClientSecret mhqmlS103ZmscEeMNZstP1pLP8WHrQM3
  OIDCRedirectURI http://192.168.56.101
  OIDCSSLValidateServer On
  <Location /app>
    AuthType openid-connect
    Require valid-user
    LogLevel debug
  </Location>
</VirtualHost>
<VirtualHost *:80>
  ServerName 192.168.56.101
  ProxyPreserveHost On
  ProxyPass / http://localhost:5601/
  ProxyPassReverse / http://localhost:5601/
</VirtualHost>
Keycloak client config:
Root URL
http://192.168.56.101:5602
Home URL
http://192.168.56.101:5602/app/home
Valid redirect URIs
http://192.168.56.101:5602/app/home
http://192.168.56.101:5602/redirected_uri
http://192.168.56.101/
http://192.168.56.101:5602
http://192.168.56.101/app/home
If anyone is interested, I managed to get a more or less workable POC single sign-on for Kibana using Apache 2 and Keycloak…
ServerName 192.168.56.101
Listen 5601
apache2 virtualhost
<VirtualHost *:5601>
  OIDCCryptoPassphrase a-random-secret-used-by-apache-oidc-and-balancer
  OIDCProviderMetadataURL http://(HOST):8080/realms/master/.well-known/openid-configuration
  OIDCClientID OIDCClientID
  OIDCClientSecret OIDCClientSecret
  OIDCRedirectURI http://(HOST)/kibana
  OIDCSSLValidateServer Off
  <Location />
    AuthType openid-connect
    Require valid-user
    ProxyPass http://localhost:5600/
    ProxyPassReverse http://localhost:5600/
    ProxyPreserveHost On
    LogLevel debug
  </Location>
</VirtualHost>
kibana.yml
server.port: 5600
server.basePath: "/kibana"
server.rewriteBasePath: true
server.publicBaseUrl: "http://localhost:5600/kibana"
server.name: "HOST_IP"
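Added example (not part of any post in this thread, and not code from mod_auth_openidc or Keycloak): the mod_auth_openidc documentation describes OIDCRedirectURI as a vanity URL that must sit on a path protected by the module. The Python sketch below checks that for a single OIDC virtual host, and also flags provider metadata fetched over plain HTTP and disabled TLS validation. The function name, the finding labels and the minimal single-vhost parser are assumptions of this example; the sample is constructed from the first config posted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the OIDC virtual host from the first config in this
# thread, with the client ID, secret and passphrase lines left out.
SAMPLE_CONF = """\
<VirtualHost *:5602>
OIDCProviderMetadataURL http://192.168.56.101:8080/realms/master/.well-known/openid-configuration
OIDCRedirectURI http://192.168.56.101
OIDCSSLValidateServer On
<Location /app>
AuthType openid-connect
Require valid-user
</Location>
</VirtualHost>
"""

def check_oidc_vhost(conf):
    """Return finding labels (names are this example's own) for one OIDC vhost."""
    port, location, protected, oidc = None, None, [], {}
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r"<VirtualHost\s+\S*:(\d+)>", line, re.I):
            port = int(m.group(1))
        elif m := re.match(r"<Location\s+(\S+)>", line, re.I):
            location = m.group(1)
        elif line.lower() == "</location>":
            location = None
        elif location and line.lower().startswith("authtype openid-connect"):
            protected.append(location)
        elif line.startswith("OIDC"):
            key, _, value = line.partition(" ")
            oidc[key] = value.strip()
    findings = []
    redirect = urlsplit(oidc.get("OIDCRedirectURI", ""))
    r_port = redirect.port or (443 if redirect.scheme == "https" else 80)
    r_path = redirect.path or "/"
    # The callback must arrive on the vhost where mod_auth_openidc is active...
    if r_port != port:
        findings.append("redirect-port-mismatch")
    # ...and on a path inside a Location that has AuthType openid-connect.
    if not any(r_path == p or r_path.startswith(p.rstrip("/") + "/") for p in protected):
        findings.append("redirect-path-unprotected")
    # Provider metadata fetched over plain HTTP can be tampered with in transit.
    if urlsplit(oidc.get("OIDCProviderMetadataURL", "")).scheme != "https":
        findings.append("provider-metadata-not-https")
    if oidc.get("OIDCSSLValidateServer", "On").lower() == "off":
        findings.append("tls-validation-off")
    return findings

if __name__ == "__main__":
    print(check_oidc_vhost(SAMPLE_CONF))
```

The same redirect URI also has to be listed under "Valid redirect URIs" in the Keycloak client; that comparison is left out of this sketch.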