...
The Apache module relies on the cjose library (for decoding JWTs) and libhiredis for the optional Redis shared session cache. (I had a small problem when installing on Fedora 24 as the binary release required libhiredis.so.0.12 but the installed version on my machine was 0.13. I got around this by creating a symbolic link from 0.12 to 0.13 on an assumption of backward compatibility. You might not be affected by this.)
Validate JWT Token
When making a request through Keycloak, a header called OIDC_access_token will be added to the response headers. The access token can be validated using:
```bash
curl http://localhost:8087/auth/realms/lin/protocol/openid-connect/token/introspect \
  -d client_id=revalidation \
  -d client_secret=longpassword \
  -d "token=${ACCESS_TOKEN}"
```
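The introspection endpoint replies with a JSON object whose `active` member states whether the token is currently valid (RFC 7662). The following is an added example, not part of the original page, showing how a caller can decide whether to accept such a reply; the `check_introspection` helper is hypothetical, the issuer URL is an assumption derived from the realm URL in the curl command, and the sample responses are constructed.

```python
import json
import time

# Assumption: issuer derived from the realm URL used in the curl command.
EXPECTED_ISSUER = "http://localhost:8087/auth/realms/lin"


def check_introspection(body, expected_issuer=EXPECTED_ISSUER, now=None, leeway=30):
    """Return (accepted, reason) for an RFC 7662 introspection response body."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except (ValueError, TypeError):
        return False, "response is not JSON"
    if not isinstance(claims, dict):
        return False, "response is not a JSON object"
    # 'active' is the only required member. Require the boolean true:
    # a truthy string such as "false" must not be accepted.
    if claims.get("active") is not True:
        return False, "token inactive"
    # Defence in depth: re-check optional claims when the server includes them.
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and now > exp + leeway:
        return False, "token expired"
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now + leeway < nbf:
        return False, "token not yet valid"
    iss = claims.get("iss")
    if iss is not None and iss != expected_issuer:
        return False, "unexpected issuer"
    return True, "ok"


# Constructed sample responses (not captured from a real server).
SAMPLE_ACTIVE = json.dumps({
    "active": True, "exp": 1700000300, "iat": 1700000000,
    "iss": EXPECTED_ISSUER, "client_id": "revalidation", "username": "alice",
})
SAMPLE_INACTIVE = '{"active": false}'

if __name__ == "__main__":
    for name, body in [("active", SAMPLE_ACTIVE), ("inactive", SAMPLE_INACTIVE)]:
        print(name, check_introspection(body, now=1700000100))
```

A reply that is not JSON, or an `active` value that is anything other than the boolean `true`, is treated as a rejected token rather than an error to be ignored.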
Configuring Apache
The Apache configuration needs to be set up to talk to Keycloak. There is an Apache configuration file fragment at https://github.com/Health-Education-England/TIS-SECURITY/blob/master/keycloak/httpd_openidconnect.conf.
...