We have used the mod_auth_openidc module in an Apache server connected to Okta OIDC.
After logging in to Okta, we get multiple redirects back to redirection and again back to Okta.
Something similar to the issue below, as discussed in this issue:
https://github.com/zmartzone/mod_auth_openidc/issues/181
I have made sure that the redirect_uri is separate from the actual page load URL.
My setup is exactly as below, with a vanity redirection URL which is protected:
# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT
# point to any content
OIDCRedirectURI https://www.example.com/example/redirect_uri
OIDCCryptoPassphrase <password>
<Location /example/>
    AuthType openid-connect
    Require valid-user
    ProxyPass backendangular/
    ProxyPassReverse backendangular/
</Location>
2 Answers
We had a CDN in front of the Apache server. The CDN was caching everything and therefore the cookie was not being set properly. The CDN was respecting all headers like the nocache header params from Apache.
Adding a no-cache header like below fixed the issue.
Enable Sticky Session
We faced a similar challenge of a continuous redirection loop when we had two Apache backend servers with a load balancer.
The load balancer was configured with Round Robin and the first server did the validation, but the next request went to the other server, which again called authentication.
We fixed the issue by enabling Sticky Session on the load balancer.
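
A check for the two causes the answers above describe (a CDN replaying authentication responses, and a load balancer alternating between backends), run over a captured redirect chain. This is an added example, not code from the question or either answer; the trace is constructed, and `idp.example.test`, the cookie values, and the `x-cache` and `x-backend` headers are assumptions.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
# Directives that stop a shared cache from replaying a response unvalidated.
NO_SHARE = ("no-store", "no-cache", "private")

def diagnose(hops, idp_host):
    """hops: (status, url, headers) tuples in browser order; header names lower-case."""
    findings, idp_redirects, backends = [], 0, set()
    for status, url, headers in hops:
        parts = urlsplit(url)
        if parts.hostname == idp_host:
            continue  # only responses from our own site matter here
        to_idp = status in REDIRECTS and urlsplit(headers.get("location", "")).hostname == idp_host
        idp_redirects += to_idp
        cache_control = headers.get("cache-control", "").lower()
        # Assumption: the CDN marks reuse with the standard Age header or an X-Cache: HIT header.
        if "age" in headers or "hit" in headers.get("x-cache", "").lower():
            findings.append(f"served-from-cache {parts.path}")
        elif (to_idp or "set-cookie" in headers) and not any(d in cache_control for d in NO_SHARE):
            findings.append(f"cacheable-auth-response {parts.path}")
        if "x-backend" in headers:  # hypothetical debug header naming the Apache node
            backends.add(headers["x-backend"])
    if idp_redirects > 1:
        findings.append(f"loop idp-redirects={idp_redirects}")
    if len(backends) > 1:
        findings.append("multiple-backends " + ",".join(sorted(backends)))
    return findings

# Constructed trace: the CDN replays a stored 302, so the new session is never checked.
AUTHZ = "https://idp.example.test/authorize?state=abc"
CDN_TRACE = [
    (302, "https://www.example.com/example/", {"location": AUTHZ, "set-cookie": "state=abc"}),
    (302, AUTHZ, {"location": "https://www.example.com/example/redirect_uri?code=x&state=abc"}),
    (302, "https://www.example.com/example/redirect_uri?code=x&state=abc",
     {"location": "https://www.example.com/example/", "set-cookie": "session=s1",
      "cache-control": "no-store"}),
    (302, "https://www.example.com/example/", {"location": AUTHZ, "age": "12", "x-cache": "HIT"}),
]

if __name__ == "__main__":
    for finding in diagnose(CDN_TRACE, "idp.example.test"):
        print(finding)
```

A `multiple-backends` finding together with `loop` points at the load balancer case; `served-from-cache` or `cacheable-auth-response` points at the CDN case.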