Redirect user to different content other than "OIDCRedirectURI" #875

mzico · 2022-06-24T14:31:46Z

mzico
Jun 24, 2022

Hi,

To present my scenario:

https://myapp.com/login
https://myapp.com/content

My OIDCRedirectURI is pointing https://myapp.com/login for authentication. ( Meaning: https://myapp.com/login --> OIDC Provider for authentication --> successful authentication ).

Now, I would like my user to land into https://myapp.com/content instead of https://myapp.com/login after successful authentication. Is that possible?

According to mod_auth_oidc documentation:

# (Mandatory)
# The redirect_uri for this OpenID Connect client; this is a vanity URL
# that must ONLY point to a path on your server protected by this module
# but it must NOT point to any actual content that needs to be served.
# You can use a relative URL like /protected/redirect_uri if you want to
# support multiple vhosts that belong to the same security domain in a dynamic way
#OIDCRedirectURI https://www.example.com/protected/redirect_uri

zandbelt · 2022-06-24T17:00:05Z

zandbelt
Jun 24, 2022
Maintainer

that's the default behavior, just protect /content with AuthType openid-connect and it should work like you describe when you access /content

6 replies

zandbelt Jun 27, 2022
Maintainer

that's more of an Apache question than an authentication question: you could create a permanent redirect or configure a condition to check for the session cookie and, if it does not exist, redirect to /content

Clivern Sep 14, 2023

@zandbelt I came across this and it works perfectly fine so thanks. but it seems to ignore the anchor links something like
http://example.com/sub1/sub2/sub3/#sub4/d?x=y&z=k

will send back to

http://example.com/sub1/sub2/sub3

Ignoring whatever after the #..

I think it has to do with this function https://github.com/OpenIDC/mod_auth_openidc/blob/master/src/util.c#L767-L793 not capturing anchor links