Our team uses an OOD deployment (v1.8.20) that works behind Apache with
mod_auth_openidc (GitHub - zmartzone/mod_auth_openidc: OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x). We use Keycloak as our authentication server.
In one of our apps we would like to use impersonation features available in OOD that would allow us to browse exposed filesystem as a logged-in user.
To do this, we authenticate in a separate client app and obtain an access token from Keycloak. Then we would like to pass this token to OOD directly (actually to
mod_auth_openidc that’s in front of it) to access the resources.
After following instructions on OAuth 2.0 Resource Server · zmartzone/mod_auth_openidc Wiki · GitHub we put this configuration to OOD config file:
<Location /pun/sys/files/api/> AuthType oauth20 Require valid-user </Location>
However, HTTP requests with headers:
GET (...)/pun/sys/files/api/v1/fs/gpfs/data/ Accept: application/json Authorization: Bearer <TOKEN>
don’t seem to work and a
401 Unauthorized is returned.
Is it possible to access OOD API with
mod_auth_openidc with bearer tokens? Is there any recommended path to access these resources?
Thank you for any information and/or hints.