
Apache restart failed after adding OpenID Connect module


I use Debian 8.0 running Apache v.2.4.10 and I am trying to add the OpenID Connect module named libapache2-mod-auth-openidc, version 1.6.0. After installing the module, I enable it with the command: sudo a2enmod auth_openidc. This works fine, and now I want to restart the Apache server with sudo service apache2 restart, which leads to an error:

"Job for apache2 failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details."

The result of systemctl status apache2.service shows an error while starting the server, but no detailed information about the error (code=exited, status=1/FAILURE).

And the result of journalctl -xn tells me that there are no journals.

If I disable the auth_openidc module, the Apache server starts again without problems.

Details of the Configuration:

  • Apache runs with its default settings. I did not change anything!
  • The auth_openidc module was not changed by me either at this time!

Can someone explain why Apache with the enabled auth_openidc module would not start anymore?


Solution

  • After installing libapache2-mod-auth-openidc you will have to configure some settings before the module can be used successfully. Two of the mandatory settings are OIDCRedirectURI and OIDCCryptoPassphrase. Most probably you'll also have to configure client credentials for your OpenID Connect provider. You can take a look at the sample configurations at: https://github.com/pingidentity/mod_auth_openidc#openid-connect-sso-with-google-sign-in

    Errors/warnings about the missing configuration directives should be displayed in: /var/log/apache2/error.log

    While we're at it, I would also advise you to use the latest version 1.8.1 from https://github.com/pingidentity/mod_auth_openidc/releases
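
A minimal configuration covering the mandatory settings named in the answer, as an added example that is not part of the original answer or the project's own sample. The hostnames, the /protected/ path and all REPLACE_WITH_… values are placeholders to be substituted; where the file lives in the Apache configuration tree is left to the installation.

```apache
# Constructed example: every value below is a placeholder, not a real credential.

# Provider discovery document and the client registered with that provider.
OIDCProviderMetadataURL https://idp.example.com/.well-known/openid-configuration
OIDCClientID            REPLACE_WITH_CLIENT_ID
OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET

# Mandatory: a vanity URL inside the protected path that does not map to
# real content. It must match the redirect URI registered with the provider.
OIDCRedirectURI         https://www.example.com/protected/redirect_uri

# Mandatory: secret the module uses to encrypt its state cookie and cache
# entries. Use a long random value and keep this file readable by root only.
OIDCCryptoPassphrase    REPLACE_WITH_LONG_RANDOM_SECRET

# Require an authenticated OpenID Connect session for everything under /protected/.
<Location /protected/>
    AuthType openid-connect
    Require valid-user
</Location>
```

If Apache still refuses to start with these directives in place, the remaining complaint is reported in /var/log/apache2/error.log, as the answer notes.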