Date: 2022-11-26

I have been playing with Keycloak and integrating OIDC into Apache to protect some parts of a test website. Mainly a learning activity more than anything else.

Everything was going fairly well - I have managed to get OIDC auth set up for specific subdirectories on a website; it redirects and allows me to log in. Then I can use PHP to access the $_SERVER[OIDC*] claims passed back to a page beneath that directory (or another protected directory that also has OIDC configured).

There are two parts that have me confused though.

How can I access the OIDC claims for a part of the website that is not using the <location> Require valid-user </location>? The use case here is wanting to allow www.example.com to be accessible without auth, but then if you are authenticated, I can access the OIDC claims to display specific content to you in pages written in PHP.

If I auth to example.com/subdirectory/, which is protected by OIDC auth only (no anonymous login), I am forced to log in.

If I then browse to example.com/, I cannot access the OIDC information. What exactly is the redirect_uri for? What should it be set to? I can't seem to find a succinct answer to this question.

Anyone have any ideas? This stuff is reasonably fresh to me.