nikhilshinday · August 29, 2015 14:03
diff --git a/error_log b/error_log
 [Thu Jun 26 16:03:58 2014] [notice] caught SIGTERM, shutting down
 [Thu Jun 26 16:03:59 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
 [Thu Jun 26 16:03:59 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
 [Thu Jun 26 16:03:59 2014] [notice] Digest: generating secret for digest authentication ...
 [Thu Jun 26 16:03:59 2014] [notice] Digest: done
 [Thu Jun 26 16:03:59 2014] [warn] oidc_check_config_openid_openidc: the URL scheme (http) of the configured OIDCRedirectURI SHOULD be "https" for security reasons (moreover: some Providers may reject non-HTTPS URLs)
 [Thu Jun 26 16:03:59 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
 [Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_restore_proto_state: no "mod_auth_openidc_state" state cookie found
 [Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response
 [Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_authorization_response_match_state: unable to restore state
 [Thu Jun 26 16:04:31 2014] [error] [client 10.17.18.66] oidc_util_http_call: curl_easy_perform() failed on: https://www.googleapis.com/plus/v1/people/me/openIdConnect (Failed to connect to 2607:f8b0:400d:c04::5f: Network is unreachable), referer: http://www.nikhilshinday.com/
diff --git a/filehierarchy b/filehierarchy
                 html (root)
        |             |          |
    index[1].html   example  loggedout
                    |            |
                index[2].html  index[3].html

diff --git a/httpd.conf b/httpd.conf
 #snippet ofhttpd.conf

 LoadModule auth_openidc_module modules/mod_auth_openidc.so

 OIDCProviderIssuer accounts.google.com
 OIDCProviderAuthorizationEndpoint https://accounts.google.com/o/oauth2/auth?
 OIDCProviderTokenEndpoint https://accounts.google.com/o/oauth2/token
 OIDCProviderTokenEndpointAuth client_secret_post
 OIDCProviderUserInfoEndpoint https://www.googleapis.com/plus/v1/people/me/openIdConnect
 OIDCProviderJwksUri https://www.googleapis.com/oauth2/v2/certs

 OIDCClientID 201421660266-4iligu986sudg2bfv9voh3l9h0jmsb6b.apps.googleusercontent.com
 OIDCClientSecret wZAop4U-zovup989RJI5Ed2p

 OIDCScope "openid email profile"
 OIDCRedirectURI http://www.nikhilshinday.com/example/redirect_uri
 OIDCCryptoPassphrase test
 OIDCCookiePath /example/

 <Location "/example/" >
    AuthType openid-connect
    Require valid-user
 </Location>
diff --git a/index[1].html b/index[1].html
 <html>
 <body>
 click <a href="/example">here</a> for OpenID authentication (*hopefully*)
 </body>
 </html>
diff --git a/index[2].html b/index[2].html
 <html>
    <body>
    <a href="/example/redirect_uri?logout=https://www.nikhilshinday.com/loggedout">Logout</a>
  </body>
 </html>
diff --git a/index[3].html b/index[3].html
 <html>
 <body>
    <a href="/">return home</a>
 </body>
 </html>
	[Thu Jun 26 16:03:58 2014] [notice] caught SIGTERM, shutting down
	[Thu Jun 26 16:03:59 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
	[Thu Jun 26 16:03:59 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
	[Thu Jun 26 16:03:59 2014] [notice] Digest: generating secret for digest authentication ...
	[Thu Jun 26 16:03:59 2014] [notice] Digest: done
	[Thu Jun 26 16:03:59 2014] [warn] oidc_check_config_openid_openidc: the URL scheme (http) of the configured OIDCRedirectURI SHOULD be "https" for security reasons (moreover: some Providers may reject non-HTTPS URLs)
	[Thu Jun 26 16:03:59 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
	[Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_restore_proto_state: no "mod_auth_openidc_state" state cookie found
	[Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response
	[Thu Jun 26 16:04:14 2014] [error] [client 10.17.18.66] oidc_authorization_response_match_state: unable to restore state
	[Thu Jun 26 16:04:31 2014] [error] [client 10.17.18.66] oidc_util_http_call: curl_easy_perform() failed on: https://www.googleapis.com/plus/v1/people/me/openIdConnect (Failed to connect to 2607:f8b0:400d:c04::5f: Network is unreachable), referer: http://www.nikhilshinday.com/
	html (root)
	\| \| \|
	index[1].html example loggedout
	\| \|
	index[2].html index[3].html
	#snippet ofhttpd.conf

	LoadModule auth_openidc_module modules/mod_auth_openidc.so

	OIDCProviderIssuer accounts.google.com
	OIDCProviderAuthorizationEndpoint https://accounts.google.com/o/oauth2/auth?
	OIDCProviderTokenEndpoint https://accounts.google.com/o/oauth2/token
	OIDCProviderTokenEndpointAuth client_secret_post
	OIDCProviderUserInfoEndpoint https://www.googleapis.com/plus/v1/people/me/openIdConnect
	OIDCProviderJwksUri https://www.googleapis.com/oauth2/v2/certs

	OIDCClientID 201421660266-4iligu986sudg2bfv9voh3l9h0jmsb6b.apps.googleusercontent.com
	OIDCClientSecret wZAop4U-zovup989RJI5Ed2p

	OIDCScope "openid email profile"
	OIDCRedirectURI http://www.nikhilshinday.com/example/redirect_uri
	OIDCCryptoPassphrase test
	OIDCCookiePath /example/

	<Location "/example/" >
	AuthType openid-connect
	Require valid-user
	</Location>
	<html>
	<body>
	click <a href="/example">here</a> for OpenID authentication (hopefully)
	</body>
	</html>
	<html>
	<body>
	<a href="/example/redirect_uri?logout=https://www.nikhilshinday.com/loggedout">Logout</a>
	</body>
	</html>