Redirect user to different content other than "OIDCRedirectURI" #875

mzico · 2022-06-24T14:31:46Z

mzico
Jun 24, 2022

Hi,

To present my scenario:

https://myapp.com/login
https://myapp.com/content

My OIDCRedirectURI is pointing https://myapp.com/login for authentication. ( Meaning: https://myapp.com/login --> OIDC Provider for authentication --> successful authentication ).

Now, I would like my user to land into https://myapp.com/content instead of https://myapp.com/login after successful authentication. Is that possible?

According to mod_auth_oidc documentation:

# (Mandatory)
# The redirect_uri for this OpenID Connect client; this is a vanity URL
# that must ONLY point to a path on your server protected by this module
# but it must NOT point to any actual content that needs to be served.
# You can use a relative URL like /protected/redirect_uri if you want to
# support multiple vhosts that belong to the same security domain in a dynamic way
#OIDCRedirectURI https://www.example.com/protected/redirect_uri

zandbelt · 2022-06-24T17:00:05Z

zandbelt
Jun 24, 2022
Maintainer

that's the default behavior, just protect /content with AuthType openid-connect and it should work like you describe when you access /content

6 replies

zandbelt Jun 27, 2022
Maintainer

that's more of an Apache question than an authentication question: you could create a permanent redirect or configure a condition to check for the session cookie and, if it does not exist, redirect to /content

Clivern Sep 14, 2023

@zandbelt I came across this and it works perfectly fine so thanks. but it seems to ignore the anchor links something like
http://example.com/sub1/sub2/sub3/#sub4/d?x=y&z=k

will send back to

http://example.com/sub1/sub2/sub3

Ignoring whatever after the #..

I think it has to do with this function https://github.com/OpenIDC/mod_auth_openidc/blob/master/src/util.c#L767-L793 not capturing anchor links

zandbelt Sep 14, 2023
Maintainer

no, fragments never reach the server again: https://stackoverflow.com/questions/940905/can-i-read-the-hash-portion-of-the-url-on-my-server-side-application-php-ruby

Clivern Sep 14, 2023

Hmmm interesting! Thanks @zandbelt

MuhammedGenco94 Jan 3, 2024

Thanks, this conversation was helpful for my problem, too.
The fragments after Hash # were the root cause

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Redirect user to different content other than "OIDCRedirectURI" #875

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 6 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Redirect user to different content other than "OIDCRedirectURI" #875

Uh oh!

mzico Jun 24, 2022

Replies: 1 comment · 6 replies

Uh oh!

zandbelt Jun 24, 2022 Maintainer

Uh oh!

zandbelt Jun 27, 2022 Maintainer

Uh oh!

Uh oh!

Clivern Sep 14, 2023

Uh oh!

zandbelt Sep 14, 2023 Maintainer

Uh oh!

Clivern Sep 14, 2023

Uh oh!

MuhammedGenco94 Jan 3, 2024

mzico
Jun 24, 2022

Replies: 1 comment 6 replies

zandbelt
Jun 24, 2022
Maintainer

zandbelt Jun 27, 2022
Maintainer

zandbelt Sep 14, 2023
Maintainer