[bareos-users] BareosWebUI and OpenID

Fri, 06 Mar 2026 05:59:47 -0800 

Hello Everyone,

I'm trying to setup Bareos WebUI authentification with Keycloack. 
I've installed mod_auth_openidc.so. All the SSO/Keycloack part works. I'm 
getting token. 
The problem is that i get stucked on the login page even if the SSO Token 
is ok. 

Here's th config file of apache. 

/etc/apache2/conf-available/bareos-webui.conf 
<VirtualHost *:443>
    ServerName bareos-preprod.xxx.xxx

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/bareos.crt
    SSLCertificateKeyFile /etc/apache2/ssl/bareos.key

    RedirectMatch ^/$ /bareos-webui/

    OIDCProviderMetadataURL 
https://websso.xxx.xxx/auth/realms/xxxx/.well-known/openid-configuration
    OIDCClientID            bareos-webui
    OIDCClientSecret        xxxxxxxxxxxxxxxxxxxxxxxxxx
    OIDCRedirectURI         https://bareos-preprod.xxx.xxx/oidc_callback
    OIDCRemoteUserClaim     preferred_username
    OIDCResponseType        code
    OIDCScope               "openid email profile"
    OIDCCryptoPassphrase    xxxxxxxxxxxxxxxxxxxxxxx
    OIDCSessionMaxDuration  7200                       
    OIDCSessionInactivityTimeout 1800                  
    OIDCSessionType         server-cache               
    OIDCCookiePath          /
    OIDCCookieHttpOnly      On
    OIDCCookieSameSite      Off
    
    Alias /bareos-webui /usr/share/bareos-webui/public

    <Directory /usr/share/bareos-webui/public>
        Options FollowSymLinks
        AllowOverride None
        Require all granted

        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteBase /bareos-webui
            RewriteCond %{REQUEST_FILENAME} -s [OR]
            RewriteCond %{REQUEST_FILENAME} -l [OR]
            RewriteCond %{REQUEST_FILENAME} -d
            RewriteRule ^.*$ - [NC,L]
            RewriteRule ^.*$ index.php [NC,L]
        </IfModule>
    </Directory>

    <Location /bareos-webui>
        AuthType openid-connect
        Require valid-user

        RequestHeader set X-Forwarded-User %{REMOTE_USER}s
    </Location>

    <Location /oidc_callback>
        AuthType openid-connect
        Require valid-user
    </Location>

    LogLevel auth_openidc:debug
</VirtualHost>

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/bareos-users/d1acc941-c626-4ee6-966f-7a4592b6eaedn%40googlegroups.com.

Reply via email to