Auth not triggered from .htaccess after update from 2.4.12 to 2.4.17 · OpenIDC/mod_auth_openidc · Discussion #1344

darxmurf
Aug 13, 2025

Hi all,

Just upgraded a debian server to trixie and libapache2-mod-auth-openidc moved from 2.4.12 to 2.4.17.

Lets say I have https://mypage.myinternalsite.tld/auth-area/

Before the update, a simple .htaccess in ./auth-area/ containing

AuthType openid-connect
OIDCCookie oidcstate
OIDCCookiePath "/"
Require claim myusername:frank
Require claim myusername:roger

Was enough to trigger the authentication page but now it doesn't and drops me to an error page with AH01631: user : authorization failure for "/auth-area": in the logs

it's working if I add
Require valid-user

but then it's bypassing the other filters.

Any advise about that?
Thanks

EDIT:

Workaround (or good way to configure it?) I added this in my apache conf file and it fixes the issue

<Location "/">
 AuthType openid-connect
 OIDCCookie oidcstate
 OIDCCookiePath /
</Location>

Replies: 1 comment

zandbelt
Aug 14, 2025
Maintainer

see the release notes for 2.4.17.2 https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.17.2

0 replies

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Auth not triggered from .htaccess after update from 2.4.12 to 2.4.17 #1344

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

darxmurf
Aug 13, 2025

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

zandbelt
Aug 14, 2025
Maintainer

Select a reply

Uh oh!

Uh oh!

Auth not triggered from .htaccess after update from 2.4.12 to 2.4.17 #1344

Uh oh!

Uh oh!

darxmurf Aug 13, 2025

Replies: 1 comment

Uh oh!

zandbelt Aug 14, 2025 Maintainer

darxmurf
Aug 13, 2025

zandbelt
Aug 14, 2025
Maintainer