Bad userinfo response: Unauthorized
Concerned version
Version: master + 2.0.0
Platform: Apache
Summary
When a client requests the userinfo endpoint, the OIDC LemonLDAP provider can't find the Authorization header. (Apache only)
Logs
Debug log on client side:
Bad userinfo response: Unauthorized
Debug log on server side:
Unable to get access_token
Fix
This problem already appeared in previous versions of LemonLDAP. I think this is just a regression, and it can be fixed by the following:
_example/etc/portal-apache2.X.conf
_example/etc/portal-apache2.conf
_example/etc/portal-apache2.4.conf
before:
RewriteEngine On
# For performances, you can put static html files: simply put the HTML
# result (example: /oauth2/checksession.html) as static file. Then
# uncomment the following line.
# RewriteCond "%{REQUEST_FILENAME}" "!\.html$"
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
after (2 lines added):
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# For performances, you can put static html files: simply put the HTML
# result (example: /oauth2/checksession.html) as static file. Then
# uncomment the following line.
# RewriteCond "%{REQUEST_FILENAME}" "!\.html$"
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
If it is OK with you, @guimard, @maudoux, @clement_oudot, I can fix this in master.
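A way to check a portal vhost file for this regression, as an added example that is not part of the original issue or of LemonLDAP's own code: it looks for the `RewriteCond`/`RewriteRule` pair that copies the Authorization header into `HTTP_AUTHORIZATION` and requires it to come before the `[PT]` rewrite to `index.fcgi`. The sample configs are constructed from the snippets above, and the function name `authorization_forwarded` is hypothetical.

```python
import re

# Constructed sample configs mirroring the "before" and "after" snippets above.
BEFORE = r'''RewriteEngine On
# RewriteCond "%{REQUEST_FILENAME}" "!\.html$"
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
'''
FIX = ("RewriteCond %{HTTP:Authorization} ^(.*)\n"
       "RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]\n")
AFTER = BEFORE.replace("RewriteEngine On\n", "RewriteEngine On\n" + FIX, 1)
MISORDERED = BEFORE + FIX  # constructed: fix placed after the [PT] rule

# mod_rewrite directive names and flags are case-insensitive.
COND_RE = re.compile(r'^RewriteCond\s+"?%\{HTTP:Authorization\}"?\s', re.I)
ENV_RE = re.compile(r'\[[^\]]*\bE=HTTP_AUTHORIZATION:%1\b[^\]]*\]', re.I)
FCGI_RE = re.compile(r'^RewriteRule\s.*index\.fcgi.*\[[^\]]*\bPT\b', re.I)


def authorization_forwarded(conf: str) -> bool:
    """True if the Authorization header is copied into HTTP_AUTHORIZATION
    by a rule that runs before the [PT] rewrite to index.fcgi."""
    cond_pending = False  # a RewriteCond only guards the next RewriteRule
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments configure nothing
        if COND_RE.match(line):
            cond_pending = True
        elif line.lower().startswith("rewriterule"):
            if cond_pending and ENV_RE.search(line):
                return True
            if FCGI_RE.match(line):
                # PT implies L: rules after this one are not evaluated
                # for requests handed to index.fcgi.
                return False
            cond_pending = False
    return False


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER),
                       ("misordered", MISORDERED)):
        print(f"{name}: Authorization forwarded = {authorization_forwarded(conf)}")
```

The check only recognises the rewrite form shown in this issue; a vhost that forwards the header by another mechanism will be reported as not forwarding it.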