I'm trying to do the (almost) same thing as CA SSO OpenID Connect Provider - with Apache OpenID Client
Differences are:
- all running on Linux
- not prepared dumpvars.bat equivalent yet
- using html form auth scheme
When I accessed the example page on apache httpd with mod_auth_openidc, authentication screen appeared as expected (as a result of accessing /affwebservices/secure/secureredirect on AG).
But even if I put right username/password, the authentication screen appeared again.
Here's the snippet of the sequence.
/affwebservices/CASSO/oidc/authorize
/affwebservices/secure/secureredirect
/siteminderagent/forms/login.fcc
/affwebservices/secure/secureredirect
/affwebservices/CASSO/oidc/authorize
/affwebservices/secure/secureredirect
/siteminderagent/forms/login.fcc
This means that looping happened at OP side.
What might cause authentication looping?
Other things I should mention are:
- SSL enabled with self signed certificate at httpd
- session store enabled
- only /affwebservices/secure/secureredirect was protected by domain
Any comments are appreciated.
Thanks,
Yoshio