openidc / mod_oauth2

OAuth 2.x Resource Server module for the Apache HTTPd web server

License: GNU Affero General Public License v3.0

mod_oauth2's Introduction

mod_oauth2

A module for Apache HTTP Server 2.x that makes the Apache web server operate as an OAuth 2.0 Resource Server, validating OAuth 2.0 access tokens and setting headers/environment variables based on the validation results.

Quickstart

Reference Bearer Access Token validation using RFC7662 based introspection:

AuthType oauth2
OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=2Federate

JWT Bearer Access Token validation using a set of JWKs published on a jwks_uri:

AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false

RFC 8705 Mutual TLS Certificate (optionally) Bound JWT Access Token validation with a known JWK:

AuthType oauth2
OAuth2TokenVerify jwk "{\"kty\":\"RSA\",\"kid\":\"one\",\"use\":\"sig\",\"n\":\"12SBWV_4xU8sBEC2IXcakiDe3IrrUcnIHexfyHG11Kw-EsrZvOy6PrrcqfTr1GcecyWFzQvUr61DWESrZWq96vd08_iTIWIny8pU5dlCoC7FsHU_onUQI1m4gQ3jNr00KhH878vrBVdr_T-zuOYQQOBRMEyFG-I4nb91zO1n2gcpQHeabJw3JIC9g65FCpu8DSw8uXQ1hVfGUDZAK6iwncNZ1uqN4HhRGNevFXT7KVG0cNS8S3oF4AhHafFurheVxh714R2EseTVD_FfLn2QTlCss_73YIJjzn047yKmAx5a9zuun6FKiISnMupGnHShwVoaS695rDmFvj7mvDppMQ\",\"e\":\"AQAB\" }" type=mtls&mtls.policy=optional
SSLVerifyClient optional_no_ca

RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) validation using introspection (using liboauth > 1.5.2):

OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs_client&client_secret=2Federate&type=dpop

For a detailed overview of configuration options see the oauth2.conf Apache configuration file in this directory.
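
The quickstart lines above, like several configurations in the issues below, disable TLS verification, skip claim checks or carry an inline client secret. The following is an added example, not part of mod_oauth2 or its documentation: a small linter that flags those settings in OAuth2TokenVerify directives. It uses only option names that appear on this page; the finding names, the sample hosts and the loopback exemption are assumptions of the example.

```python
import shlex
from urllib.parse import parse_qsl, urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample; hosts, paths and the secret are placeholders.
SAMPLE_CONF = """\
<Location /api>
AuthType oauth2
OAuth2TokenVerify introspect https://as.example/introspect introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=CHANGEME
OAuth2TokenVerify jwks_uri https://as.example/jwks
OAuth2TokenVerify pubkey /etc/httpd/rsa-public.pem verify.iss=skip&verify.exp=skip
OAuth2TokenVerify introspect http://localhost:9091/secure introspect.auth=none
OAuth2TokenVerify jwks_uri http://as.example/jwks
</Location>
"""


def lint_directive(args):
    """args are the tokens after 'OAuth2TokenVerify': type, value, options."""
    kind = args[0] if args else ""
    value = args[1] if len(args) > 1 else ""
    opts = dict(parse_qsl(args[2], keep_blank_values=True)) if len(args) > 2 else {}
    findings = []
    for key, val in opts.items():
        if key.endswith("ssl_verify") and val.lower() == "false":
            # Server certificate of the introspection/JWKS endpoint is not checked.
            findings.append("tls-verify-disabled")
        elif key.startswith("verify.") and val.lower() == "skip":
            # A JWT claim check (iss, exp, iat, ...) is switched off.
            findings.append("claim-check-skipped:" + key[len("verify."):])
        elif key == "client_secret":
            # Secret is readable by anyone who can read the configuration file.
            findings.append("inline-client-secret")
        elif key == "introspect.auth" and val.lower() == "none":
            findings.append("introspect-auth-none")
    if kind in ("introspect", "jwks_uri"):
        url = urlsplit(value)
        # Tokens or keys travel unencrypted unless the peer is on loopback.
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append("cleartext-endpoint")
    return findings


def lint_config(text):
    """Return {line number: [findings]} for every flagged directive."""
    report = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # shlex handles the quoted, backslash-escaped JSON of a 'jwk' value.
            tokens = shlex.split(line)
        except ValueError:
            report[lineno] = ["unparseable-quoting"]
            continue
        # Apache directive names are case-insensitive.
        if tokens and tokens[0].lower() == "oauth2tokenverify":
            findings = lint_directive(tokens[1:])
            if findings:
                report[lineno] = findings
    return report


if __name__ == "__main__":
    for lineno, findings in lint_config(SAMPLE_CONF).items():
        print(f"line {lineno}: {', '.join(findings)}")
```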

Features

As provided by the liboauth2 dependency, including:

  • per-directory configuration over per-virtual host
  • flexible cache configuration per cached element type
  • specify multiple token verification options, tried sequentially (allow for key/algo rollover)
  • claims-based authorization capabilities, see: https://github.com/OpenIDC/mod_oauth2/wiki#authorization
  • etc.

Support

Community Support

For generic questions, see the Wiki pages with Frequently Asked Questions at:
https://github.com/OpenIDC/mod_oauth2/wiki
Any questions/issues should go to the issues tracker.

Commercial Services

For commercial Support contracts, Professional Services, Training and use-case specific support you can contact:
[email protected]

Disclaimer

This software is open sourced by OpenIDC. For commercial support you can contact OpenIDC as described above in the Support section.

mod_oauth2's People

Contributors

zandbelt

mod_oauth2's Issues

Access Token fails to validate, "No bearer token found in request"

I was trying to migrate from the OAuth 2.0 Resource Server to this module since it's been deprecated.
I get a Bearer error="invalid_request", error_description="No bearer token found in the request." whenever trying to validate the request.

Here is the stack trace for the error

[Mon Aug 03 17:41:01.621503 2020] [ssl:debug] [pid 2563] ssl_engine_kernel.c(1891): [client {client_ip}] AH02043: SSL virtual host for servername {hostname} found
[Mon Aug 03 17:41:01.763582 2020] [ssl:info] [pid 2563] [client {client_ip}] AH02008: SSL library error 1 in handshake (server {hostname}:443)
[Mon Aug 03 17:41:01.763639 2020] [ssl:info] [pid 2563] SSL Library Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (SSL alert number 46)
[Mon Aug 03 17:41:01.763647 2020] [ssl:info] [pid 2563] [client {client_ip}] AH01998: Connection closed to child 0 with abortive shutdown (server {hostname}:443)
[Mon Aug 03 17:41:01.764073 2020] [ssl:info] [pid 2569] [client {client_ip}] AH01964: Connection to child 6 established (server {hostname}:443)
[Mon Aug 03 17:41:01.764189 2020] [ssl:debug] [pid 2569] ssl_engine_kernel.c(1891): [client {client_ip}] AH02043: SSL virtual host for servername {hostname} found
[Mon Aug 03 17:41:01.828553 2020] [ssl:debug] [pid 2569] ssl_engine_kernel.c(1824): [client {client_ip}] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Mon Aug 03 17:41:01.893904 2020] [ssl:debug] [pid 2569] ssl_engine_kernel.c(225): [client {client_ip}] AH02034: Initial (No.1) HTTPS request received for child 6 (server {hostname}:443), referer:{incoming_url}
[Mon Aug 03 17:41:01.893970 2020] [authz_core:debug] [pid 2569] mod_authz_core.c(809): [client {client_ip}] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer:{incoming_url}
[Mon Aug 03 17:41:01.893991 2020] [authz_core:debug] [pid 2569] mod_authz_core.c(809): [client {client_ip}] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer:{incoming_url}
[Mon Aug 03 17:41:01.894000 2020] [auth_openidc:debug] [pid 2569] src/mod_auth_openidc.c(3918): [client {client_ip}] oidc_check_user_id: incoming request: "/app-ui?(null)", ap_is_initial_req(r)=1, referer:{incoming_url}
[Mon Aug 03 17:41:01.894025 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Host: {hostname}:8443, referer:{incoming_url}
[Mon Aug 03 17:41:01.894033 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Connection: keep-alive, referer:{incoming_url}
[Mon Aug 03 17:41:01.894038 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Accept: */*, referer:{incoming_url}
[Mon Aug 03 17:41:01.894042 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Access-Control-Request-Method: POST, referer:{incoming_url}
[Mon Aug 03 17:41:01.894047 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Access-Control-Request-Headers: authorization,content-type, referer:{incoming_url}

[Mon Aug 03 17:41:01.894052 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Origin: http://localhost:4200, referer:{incoming_url}
[Mon Aug 03 17:41:01.894056 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Sec-Fetch-Mode: cors, referer:{incoming_url}
[Mon Aug 03 17:41:01.894060 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Sec-Fetch-Site: cross-site, referer:{incoming_url}
[Mon Aug 03 17:41:01.894063 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Sec-Fetch-Dest: empty, referer:{incoming_url}
[Mon Aug 03 17:41:01.894069 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Referer:{incoming_url}, referer:{incoming_url}
[Mon Aug 03 17:41:01.894075 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36, referer:{incoming_url}
[Mon Aug 03 17:41:01.894083 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Accept-Encoding: gzip, deflate, br, referer:{incoming_url}
[Mon Aug 03 17:41:01.894087 2020] [oauth2:debug] [pid 2569] src/http.c(154): [client {client_ip}] _oauth2_http_request_header_set_add_sanitized: Accept-Language: en-US,en;q=0.9, referer:{incoming_url}
[Mon Aug 03 17:41:01.894092 2020] [oauth2:debug] [pid 2569] src/server/apache.c(280): [client {client_ip}] oauth2_apache_request_context_init: created request context: 0x56124ffbba20, referer:{incoming_url}
[Mon Aug 03 17:41:01.894097 2020] [oauth2:debug] [pid 2569] src/mod_oauth2.c(190): [client {client_ip}] oauth2_check_user_id_handler: incoming request: "/endpoint?(null)" ap_is_initial_req=1, referer:{incoming_url}
[Mon Aug 03 17:41:01.894101 2020] [oauth2:debug] [pid 2569] src/mod_oauth2.c(107): [client {client_ip}] oauth2_request_handler: enter, referer:{incoming_url}
[Mon Aug 03 17:41:01.894109 2020] [oauth2:debug] [pid 2569] src/proto.c(45): [client {client_ip}] _oauth2_get_source_token_from_header: enter, referer:{incoming_url}
[Mon Aug 03 17:41:01.894115 2020] [oauth2:debug] [pid 2569] src/util.c(905): [client {client_ip}] oauth2_nv_list_get: Authorization=(null), referer:{incoming_url}
[Mon Aug 03 17:41:01.894131 2020] [oauth2:debug] [pid 2569] src/proto.c(84): [client {client_ip}] _oauth2_get_source_token_from_header: leave: (null), referer:{incoming_url}
[Mon Aug 03 17:41:01.894135 2020] [oauth2:debug] [pid 2569] src/proto.c(341): [client {client_ip}] oauth2_get_source_token: no source token found in any of the configured methods: 2, referer:{incoming_url}
[Mon Aug 03 17:41:01.894139 2020] [oauth2:debug] [pid 2569] src/server/apache.c(321): [client {client_ip}] oauth2_apache_return_www_authenticate: enter, referer:{incoming_url}
[Mon Aug 03 17:41:01.894144 2020] [oauth2:debug] [pid 2569] src/server/apache.c(413): [client {client_ip}] oauth2_apache_hdr_out_add: WWW-Authenticate: Bearer error="invalid_request", error_description="No bearer token found in the request.", referer:{incoming_url}
[Mon Aug 03 17:41:01.894148 2020] [oauth2:debug] [pid 2569] src/server/apache.c(345): [client {client_ip}] oauth2_apache_return_www_authenticate: leave, referer:{incoming_url}
[Mon Aug 03 17:41:01.894152 2020] [oauth2:debug] [pid 2569] src/mod_oauth2.c(153): [client {client_ip}] oauth2_request_handler: leave, referer:{incoming_url}
[Mon Aug 03 17:41:01.894242 2020] [oauth2:debug] [pid 2569] src/server/apache.c(289): [client {client_ip}] oauth2_apache_request_context_free: dispose request context: 0x56124ffbba20, referer:{incoming_url}
[Mon Aug 03 17:41:06.899343 2020] [ssl:info] [pid 2569] (70007)The timeout specified has expired: [client {client_ip}] AH01991: SSL input filter read failed.
[Mon Aug 03 17:41:06.899439 2020] [ssl:debug] [pid 2569] ssl_engine_io.c(993): [client {client_ip}] AH02001: Connection closed to child 6 with standard shutdown (server )

This is my ssl.conf for the specific incoming port

AuthType oauth2
OAuth2TokenVerify jwks_uri https://{{keycloak_jwks_uri}} jwks_uri.ssl_verify=false
OAuth2AcceptTokenIn header name=Authorization
Require valid-user

The previous library still works fine with the same url and configuration. The incoming request does in fact have the Authorization header with the bearer access_token as its value. Wondering what else do I need to change to make it work with this new module. Any help is appreciated!
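
Added example, not part of the original issue or of mod_oauth2: the debug log quoted above lists Access-Control-Request-Method and Origin headers and no Authorization header, which is the shape of a browser CORS preflight, a request that never carries credentials. The script below groups mod_oauth2 debug lines per request and separates rejected preflights from requests that are simply missing a token. The sample lines are constructed in the format of the log above, and the script assumes the header dump lists every header the module received.

```python
import re

HDR = "_oauth2_http_request_header_set_add_sanitized"
OUT = "oauth2_apache_hdr_out_add"
FREE = "oauth2_apache_request_context_free"

# [pid N] or [pid N:tid M], source file(line), client, function name, message
LINE_RE = re.compile(
    r"\[pid (\d+)(?::tid \d+)?\] \S+\(\d+\): \[client [^\]]*\] (\w+): (.*)")
REFERER_RE = re.compile(r", referer:\s*\S*$")   # suffix Apache appends to a line
ERROR_RE = re.compile(r'\berror="([^"]*)"')


def _log(pid, func, msg):
    # Constructed line in the shape of the Apache error log quoted in the issue.
    return ("[Mon Aug 03 17:41:01.894042 2020] [oauth2:debug] [pid %d] "
            "src/http.c(154): [client 192.0.2.10] %s: %s, referer:https://app.example/"
            % (pid, func, msg))


CHALLENGE = ('WWW-Authenticate: Bearer error="invalid_request", '
             'error_description="No bearer token found in the request."')

SAMPLE_LOG = [
    _log(2569, HDR, "Host: api.example:8443"),
    _log(2569, HDR, "Access-Control-Request-Method: POST"),
    _log(2569, HDR, "Access-Control-Request-Headers: authorization,content-type"),
    _log(2569, HDR, "Origin: http://localhost:4200"),
    _log(2569, OUT, CHALLENGE),
    _log(2569, FREE, "dispose request context: 0x1"),
    _log(2570, HDR, "Host: api.example:8443"),
    _log(2570, OUT, CHALLENGE),
    _log(2570, FREE, "dispose request context: 0x2"),
    _log(2571, HDR, "Authorization: Bearer REDACTED"),
    _log(2571, FREE, "dispose request context: 0x3"),
]


def parse_requests(lines):
    """Group lines per pid; a request is complete when its context is freed."""
    open_reqs, done = {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ssl/authz_core lines and anything else are ignored
        pid, func = m.group(1), m.group(2)
        msg = REFERER_RE.sub("", m.group(3))
        req = open_reqs.setdefault(
            pid, {"pid": int(pid), "headers": {}, "challenge": None})
        if func == HDR:
            name, _, value = msg.partition(":")
            req["headers"][name.strip().lower()] = value.strip()
        elif func == OUT and msg.startswith("WWW-Authenticate:"):
            err = ERROR_RE.search(msg)
            req["challenge"] = err.group(1) if err else "unknown"
        elif func == FREE:
            done.append(open_reqs.pop(pid))
    return done


def classify(req):
    headers = req["headers"]
    if req["challenge"] is None:
        return "ok"
    if "authorization" in headers:
        return "rejected-token"
    # Browsers send Access-Control-Request-Method only on a preflight.
    if "access-control-request-method" in headers and "origin" in headers:
        return "cors-preflight"
    return "missing-token"


if __name__ == "__main__":
    for req in parse_requests(SAMPLE_LOG):
        print(req["pid"], classify(req), req["challenge"])
```

Requests classified as cors-preflight are commonly exempted from token checks in Apache, for example with `Require method OPTIONS` next to `Require valid-user` inside `<RequireAny>`; that is general Apache practice, not something stated on this page.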

How to match scope value made up of multiple words

Hi,
I need to find how to correctly state a "Require" directive with AuthType oauth20, such that it matches a token with scope = "openid user:read".
None of the following works:

Require claim scope:openid user:read
Require claim scope:"openid user:read"
Require claim scope:openid\ user:read
Require claim scope:"openid\ user:read"

Could you please help me?
thanks!

mod_oauth2 authentication Azure

Hello, I have compiled and installed mod_oauth2 to apache 2.4 webserver, setup virtual host
<Location /oauth>
OAuth2TokenVerify introspect https://login.windows.net/7cbec1d6-d5b2-42cf-abd1-1842a4a2d6cf/oauth2/token introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=4951650e-34cc-407d-8423-fc3749603fc0&client_secret=*********
AuthType oauth2
AuthName "OAUTH2 -> AZURE_AD"
Require valid-user
ProxyPass !
</Location>

but the client browser is neither redirected to Azure authentication nor authenticated; I get 401 Unauthorized.
What am I doing wrong?
Is there a sample configuration to follow anywhere?
Thanks.

Trouble setting up on Centos 7

I have tried to get this running on Centos 7. I am currently experiencing this error
httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.modules.d/10-oauth2.conf: Cannot load modules/mod_oauth2.so into server: /usr/lib64/liboauth2.so.0: undefined symbol: cjose_jwk_import_json

After installing httpd and configuring my conf file, I have run the following

wget https://github.com/zmartzone/mod_auth_openidc/releases/download/v2.3.0/cjose-0.5.1-1.el7.centos.x86_64.rpm
rpm -iv ~/cjose-0.5.1-1.el7.centos.x86_64.rpm --nodeps

wget https://github.com/zmartzone/liboauth2/releases/download/v1.4.0.1/liboauth2-1.4.0.1-1.el7.x86_64.rpm
sudo yum localinstall -y liboauth2-1.4.0.1-1.el7.x86_64.rpm

wget https://github.com/zmartzone/liboauth2/releases/download/v1.4.0.1/liboauth2-apache-1.4.0.1-1.el7.x86_64.rpm
sudo yum localinstall -y liboauth2-apache-1.4.0.1-1.el7.x86_64.rpm

wget https://github.com/zmartzone/mod_oauth2/releases/download/v3.2.0/mod_oauth2-3.2.0-1.el7.x86_64.rpm
sudo yum localinstall -y mod_oauth2-3.2.0-1.el7.x86_64.rpm

Seeing someone had a similar issue with mod_auth_openidc, this is where I found cjose from. I did not install the 2 jansson libraries but rpm -qa shows me they are already installed and the same version you referenced.

Error Using Pubkey

I have created my own JWT, and I'm trying to use this to secure my api. When I try to configure apache to use it, I get the following error from a configtest

AH00526: Syntax error on line 16 of /etc/apache2/sites-enabled/mySite.conf:
PEM_read_bio_PUBKEY failed: error:0909006C:PEM routines:get_name:no start line
Action 'configtest' failed.

I had used Steps 1 & 2 here which got me my public RSA key
https://adangel.org/2016/08/29/openssl-rsa-java/

Here is the configuration I have in my conf file. I read that liboauth2 is a requirement. I downloaded and ran the install, but I'm not sure if maybe I didn't install that properly, or if there is something else I missed.

The other thing I have tried, instead of passing a path to the pem, I tried to paste in the contents, but that complained about the number of arguments for OAuth2TokenVerify.

<Location /secure>
      AllowOverride All
      AuthType oauth2
      OAuth2TokenVerify pubkey /home/myUser/apache/rsa-public.pem kid=123456789000-b425-4450-8952-87fec8bcffc2ffd&verify.iss=skip&verify.exp=skip
</Location>

Cache value size is too large

I saw these messages in my log, and I'm wondering if I'm doing something wrong, or if something has changed with Microsoft. Is it possible to allow for a larger value?

[Thu Jul 21 19:03:29.454826 2022] [oauth2:error] [pid 93:tid 140185836705536] [client 172.1.5.1:51198] oauth2_cache_shm_check_value: could not store value since value size is too large (11106 > 8192)
[Thu Jul 21 19:03:29.454855 2022] [oauth2:error] [pid 93:tid 140185836705536] [client 172.1.5.1:51198] oauth2_cache_set: leave: could NOT store: https://login.microsoftonline.com/86e80137-24cb-4b7f-ad48-3e322110abc6/discovery/v2.0/keys

In looking at the configure file I'm thinking that maybe I need to use the max_val_size parameter.

If I modified my Oauth2TokenVerify to something like this, would that be the proper setup?

OAuth2TokenVerify jwks_uri https://login.microsoftonline.com/${AZURE_TENANT_ID}/discovery/v2.0/keys verify.iat=skip&max_val_size=12000

or is there some other mis-configuration that has me getting this?

Support for Require claim directive

We were looking to use mod_auth_openidc as a resource server, but saw the deprecation comments in the sample config referencing this plug-in. We need to validate the audience (aud) field in our access token. Is this supported? I reviewed the sample config file provided, but did not see a way to do this.

Can't locate API module structure 'mod_oauth2'

Resolved -- skip to the end for a summary of what was discussed

I've followed these instructions to get the mod_oauth2 package installed in RHEL 7: https://www.gitmemory.com/issue/zmartzone/mod_oauth2/12/754667776

However, with everything installed when I attempt to reference the module in the httpd.conf file like:
LoadModule mod_oauth2 /etc/httpd/modules/mod_oauth2.so

I get an error when trying to start apache:
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Can't locate API module structure `mod_oauth2' in file /etc/httpd/modules/mod_oauth2.so: /etc/httpd/modules/mod_oauth2.so: undefined symbol: mod_oauth2

The /etc/httpd/modules contains these mod_oauth2 references:

ls -l mod_oauth2*
-rw-r--r--. 1 root root 24312 Dec 22  2020 mod_oauth2-3.2.0-1.el7.x86_64.rpm
lrwxrwxrwx. 1 root root    19 Aug 11 22:24 mod_oauth2.so -> mod_oauth2.so.0.0.0
-rwxr-xr-x. 1 root root 24336 Dec 22  2020 mod_oauth2.so.0.0.0

and the /usr/lib64 has these libraries installed:

lrwxrwxrwx.  1 root root       17 Aug 11 22:19 libcjose.so -> libcjose.so.0.0.0
lrwxrwxrwx.  1 root root       17 Aug 11 22:19 libcjose.so.0 -> libcjose.so.0.0.0
lrwxrwxrwx.  1 root root       18 Aug 11 22:20 liboauth2.so.0 -> liboauth2.so.0.0.0
lrwxrwxrwx.  1 root root       18 Aug 11 22:20 liboauth2.so -> liboauth2.so.0.0.0
lrwxrwxrwx.  1 root root       25 Aug 11 22:20 liboauth2_apache.so -> liboauth2_apache.so.0.0.0
lrwxrwxrwx.  1 root root       25 Aug 11 22:20 liboauth2_apache.so.0 -> liboauth2_apache.so.0.0.0

My goal is to configure Apache to call out to my OAUTH2 Authentication Server passing the access_token to the URL specified in these configuration parameters:

AuthType oauth2
OAuth2TokenVerify introspect http://localhost:9091/secure introspect.auth=none
OAuth2AccessTokenIn post name=access_token

I also tried specifying the true path (without symlinks) to /usr/lib64/httpd/modules/mod_oauth2.so but I get the same error -- so the library exists, but I'm not specifying the module correctly:

apachectl -M
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Can't locate API module structure `mod_oauth2' in file /usr/lib64/httpd/modules/mod_oauth2.so: /usr/lib64/httpd/modules/mod_oauth2.so: undefined symbol: mod_oauth2

Exp not being honored properly for jwk

I have a jwk location configured with the following parameters

verify.iat=skip&verify.exp=required

I have also tried it without the verify.exp. But what I'm noticing is that for my token configured with 1 minute between iat and exp, the token is valid for exactly 3 or 4 minutes after the exp has passed. Is this expected?

mod_oauth2 3.3.1 does not install on fedora 37

Tried to install mod_oauth2 3.3.1 using following command:
[root@localhost ~]# yum localinstall mod_oauth2-3.3.1-1.el9.x86_64.rpm
Last metadata expiration check: 2:35:50 ago on Mon 10 Jul 2023 02:21:27 PM EDT.
Error:
Problem: conflicting requests

  • nothing provides libjansson.so.4(libjansson.so.4)(64bit) needed by mod_oauth2-3.3.1-1.el9.x86_64 from @commandline
    (try to add '--skip-broken' to skip uninstallable packages)

I do have libjansson.so.4 at /usr/lib64/libjansson.so.4 ( part of the jansson package).

why is this dependency failing?

Thanks.

oauth2: token could not be verified even with a valid token

hello there,
I am in my last step to validate the token against an application behind an internal IDP, but the oauth2 module is not helping as it is rejecting it even with a successful POST. See the logs below:

[Wed Mar 22 00:09:21.182709 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/http.c(980): [client 127.0.0.1:42836] oauth2_http_call: enter: url=https://someURL/rest/1.0/idptoken/validatetoken, data=token=sometoken&token_type_hint=access_token&access_token=sometoken, ctx=[ ssl_verify=false hdr=[ Content-Type=application/x-www-form-urlencoded ] cookie=[ ] ]
[Wed Mar 22 00:09:22.451652 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/http.c(1102): [client 127.0.0.1:42836] oauth2_http_call: HTTP response code=200
[Wed Mar 22 00:09:22.452391 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/http.c(1121): [client 127.0.0.1:42836] oauth2_http_call: leave [1]: {"login_name":"apiname","firm_name":"firm","expires_in":1679458523016,"issuer":"firm","client_id":"firm_id"}
[Wed Mar 22 00:09:22.452429 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/oauth2.c(399): [client 127.0.0.1:42836] _oauth2_introspect_verify: leave: 0
[Wed Mar 22 00:09:22.452433 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/oauth2.c(877): [client 127.0.0.1:42836] oauth2_token_verify: leave: 0
[Wed Mar 22 00:09:22.452437 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/server/apache.c(368): [client 127.0.0.1:42836] oauth2_apache_return_www_authenticate: enter
[Wed Mar 22 00:09:22.452443 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/server/apache.c(460): [client 127.0.0.1:42836] oauth2_apache_hdr_out_add: WWW-Authenticate: Bearer error="invalid_token", error_description="Token could not be verified."
[Wed Mar 22 00:09:22.452447 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/server/apache.c(392): [client 127.0.0.1:42836] oauth2_apache_return_www_authenticate: leave
[Wed Mar 22 00:09:22.452449 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/mod_oauth2.c(144): [client 127.0.0.1:42836] oauth2_request_handler: leave
[Wed Mar 22 00:09:22.452738 2023] [oauth2:debug] [pid 1542189:tid 140341422778112] src/server/apache.c(335): [client 127.0.0.1:42836] oauth2_apache_request_context_free: dispose request context: 0x7fa3c40400f0

could you please help to understand that behavior
PS: remote_user_claim=login_name

2-
the second issue is with this library, mod_oauth2 and I guess it is the fault of our internal IDP, can we force the token name in the post parameter? and how? as you may see above I have added access_token in the body to test the library, but I guess you will suggest to use the library [mod_auth_openidc]

thanks again for the help!
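
Added example, not part of the original issue or of mod_oauth2: RFC 7662 makes the boolean `active` member a required part of every introspection response and expresses expiry as `exp` in seconds since the epoch, while the response body in the log above has neither. The checker below tests a response body against those two rules; whether the missing `active` member is what made the module return 0 here is not confirmed on this page, and the LOOKALIKES table is a hypothetical hint list.

```python
import json
import time

# Response body as it appears in the debug log quoted in the issue above.
PAGE_RESPONSE = ('{"login_name":"apiname","firm_name":"firm",'
                 '"expires_in":1679458523016,"issuer":"firm","client_id":"firm_id"}')

# Hypothetical hint table: non-RFC member names mapped to the RFC 7662 name
# they appear to stand in for. The mapping is an assumption of this example.
LOOKALIKES = {"expires_in": "exp", "issuer": "iss"}

MS_THRESHOLD = 10**11  # epoch seconds stay below this until the year 5138


def check_introspection_response(body, now=None):
    """Return a list of problems; an empty list means the token is usable."""
    now = time.time() if now is None else now
    try:
        doc = json.loads(body)
    except ValueError:
        return ["not-json"]
    if not isinstance(doc, dict):
        return ["not-a-json-object"]

    problems = []
    # RFC 7662 section 2.2: "active" is REQUIRED and must be a JSON boolean.
    if "active" not in doc:
        problems.append("active-missing")
    elif not isinstance(doc["active"], bool):
        problems.append("active-not-boolean")
    elif doc["active"] is False:
        problems.append("token-inactive")

    # "exp" is optional, but when present it is seconds since the epoch.
    if "exp" in doc:
        exp = doc["exp"]
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            problems.append("exp-not-numeric")
        elif exp >= MS_THRESHOLD:
            problems.append("exp-not-in-seconds")
        elif exp <= now:
            problems.append("expired")

    # Extension members are allowed; flag only those that replace a standard one.
    for name, standard in LOOKALIKES.items():
        if name in doc and standard not in doc:
            problems.append(f"uses-{name}-not-{standard}")
    return problems


if __name__ == "__main__":
    print(check_introspection_response(PAGE_RESPONSE))
```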

401 error when network hiccups

I'm trying to track down why occasionally I get a 401 error.

Here is the configuration in Apache, it has a

<Location /someLocation>
Require valid-user
AuthType oauth2
OAuth2TokenVerify jwk "..." verify.iat=skip&expiry=5

This is the apache error I get
172.24.0.1 - FLCm7KqMmt-CnMOKmf1EpJYd5wbPUdJ8ILQPO_TT09Q [23/Aug/2021:16:20:40 +0000] "POST /someLocation/resources/vx.y/doIt HTTP/1.1" 200 186
double free or corruption (fasttop)
172.24.0.1 - - [23/Aug/2021:16:20:43 +0000] "POST /someLocation/resources/vx.y/doIt HTTP/1.1" 401 381
[Mon Aug 23 16:20:43.903993 2021] [core:notice] [pid 1:tid 139697330451584] AH00052: child pid 93 exit signal Aborted (6)

Am I reading this right that some sort of partial request is being processed and causing a memory error?

How to verify and decode multiple tokens ?

I'm using Amazon Cognito IdP and the authentication is taken care of by an Amazon Application Load Balancer and the Amazon Hosted UI.

We receive 2 tokens on Apache side : X-Amnz-Oidc-Accesstoken on which I base my authorization process as per the documentation, and X-Amnz-Oidc-Data which contains some identification data such as the user email address. They're both signed JWTs and can be verified with the same public key.

Is there a way to decode and extract both tokens data ?

Thanks for your assistance 👋

Getting Error on Module Init

Hello,

I try to use the mod_auth_oidc Module for Authentication Code Flow and the
mod_oauth2 module as supposed for Token Introspection.

I previously configured the mod_auth_oidc module for all of this and it worked.

I added to the apache config following lines:

LoadModule oauth2_module modules/mod_oauth2.so

OAuth2TokenVerify introspect https://.../as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=XX&client_secret=XX

<Location /dart-oidc>
AuthType oauth2
Require claim client_id:XX

I am using

  • Apache:
    Server version: Apache/2.4.6 (Red Hat Enterprise Linux)

  • mod_oauth2-3.1.0-1.el7.x86_64

  • Linux version 3.10.0-1062.9.1.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) ) #1 SMP Mon Dec 2 08:31:54 EST 2019

and installed the following Dependencies:
liboauth2-1.3.0-1.el7.x86_64
liboauth2-apache-1.3.0-1.el7.x86_64
hiredis-0.12.1-2.el7.x86_64
hiredis-devel-0.12.1-2.el7.x86_64
libmemcached-devel-1.0.16-5.el7.x86_64
cjose-0.6.1.5-1.el7.x86_64
jansson-devel-2.10-1.el7.x86_64
jansson-2.10-1.el7.x86_64

But my Apache does not start, it exits with following Message:

[Wed Jun 03 10:35:32.294333 2020] [oauth2:info] [pid 8345] oauth2_apache_post_config: mod_oauth2-3.1.0-liboauth2-1.3.0 - init
*** Error in `/usr/sbin/httpd': free(): invalid pointer: 0x000055e051e3f9e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x816b9)[0x7fad20a736b9]
/usr/lib64/liboauth2.so.0(oauth2_mem_free+0x1f)[0x7fad16759d8c]
/usr/lib64/liboauth2.so.0(oauth2_log_free+0x72)[0x7fad1675a201]
/usr/lib64/liboauth2_apache.so.0(+0x277d)[0x7fad1698577d]
/usr/lib64/liboauth2_apache.so.0(oauth2_apache_child_cleanup+0x59)[0x7fad169858dc]
/application/apache2/modules/mod_oauth2.so(+0x240f)[0x7fad16b8c40f]
/lib64/libapr-1.so.0(+0x1835e)[0x7fad211f835e]
/lib64/libapr-1.so.0(+0x18378)[0x7fad211f8378]
/lib64/libapr-1.so.0(+0x18378)[0x7fad211f8378]
/lib64/libapr-1.so.0(apr_proc_create+0x124)[0x7fad21203184]
/usr/sbin/httpd(+0x47f14)[0x55e050bd2f14]
/usr/sbin/httpd(ap_open_piped_log_ex+0x7e)[0x55e050bd303e]
/application/apache2/modules/mod_jk.so(+0x1912e)[0x7fad15e6d12e]
/usr/sbin/httpd(ap_run_post_config+0x59)[0x55e050bcc779]
/usr/sbin/httpd(main+0xa67)[0x55e050ba9e57]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fad20a14545]
/usr/sbin/httpd(+0x1efbf)[0x55e050ba9fbf]
7fad181b2000-7fad183b2000 ---p 00126000 fd:02 18507 /usr/lib64/libnss3.so
7fad183b2000-7fad183b7000 r--p 00126000 fd:02 18507 /usr/lib64/libnss3.so
7fad183b7000-7fad183b9000 rw-p 0012b000 fd:02 18507 /usr/lib64/libnss3.so
7fad183b9000-7fad183bb000 rw-p 00000000 00:00 0
7fad183bb000-7fad183e0000 r-xp 00000000 fd:02 18600 /usr/lib64/libsmime3.so
7fad183e0000-7fad185df000 ---p 00025000 fd:02 18600 /usr/lib64/libsmime3.so
7fad185df000-7fad185e2000 r--p 00024000 fd:02 18600 /usr/lib64/libsmime3.so
7fad185e2000-7fad185e3000 rw-p 00027000 fd:02 18600 /usr/lib64/libsmime3.so
7fad185e3000-7fad18636000 r-xp 00000000 fd:02 18602 /usr/lib64/libssl3.so
7fad18636000-7fad18836000 ---p 00053000 fd:02 18602 /usr/lib64/libssl3.so
7fad18836000-7fad1883a000 r--p 00053000 fd:02 18602 /usr/lib64/libssl3.so
7fad1883a000-7fad1883b000 rw-p 00057000 fd:02 18602 /usr/lib64/libssl3.so
7fad1883b000-7fad1883c000 rw-p 00000000 00:00 0
7fad1883c000-7fad18867000 r-xp 00000000 fd:02 16284 /usr/lib64/libssh2.so.1.0.1
7fad18867000-7fad18a67000 ---p 0002b000 fd:02 16284 /usr/lib64/libssh2.so.1.0.1
7fad18a67000-7fad18a68000 r--p 0002b000 fd:02 16284 /usr/lib64/libssh2.so.1.0.1
7fad18a68000-7fad18a69000 rw-p 0002c000 fd:02 16284 /usr/lib64/libssh2.so.1.0.1
7fad18a69000-7fad18a9b000 r-xp 00000000 fd:02 3510 /usr/lib64/libidn.so.11.6.11
7fad18a9b000-7fad18c9a000 ---p 00032000 fd:02 3510 /usr/lib64/libidn.so.11.6.11
7fad18c9a000-7fad18c9b000 r--p 00031000 fd:02 3510 /usr/lib64/libidn.so.11.6.11
7fad18c9b000-7fad18c9c000 rw-p 00032000 fd:02 3510 /usr/lib64/libidn.so.11.6.11
7fad18c9c000-7fad18ca8000 r-xp 00000000 fd:02 23593 /usr/lib64/libhiredis.so.0.12
7fad18ca8000-7fad18ea7000 ---p 0000c000 fd:02 23593 /usr/lib64/libhiredis.so.0.12
7fad18ea7000-7fad18ea8000 r--p 0000b000 fd:02 23593 /usr/lib64/libhiredis.so.0.12
7fad18ea8000-7fad18ea9000 rw-p 0000c000 fd:02 23593 /usr/lib64/libhiredis.so.0.12
7fad18ea9000-7fad18eb5000 r-xp 00000000 fd:02 3949 /usr/lib64/libjansson.so.4.10.0
7fad18eb5000-7fad190b4000 ---p 0000c000 fd:02 3949 /usr/lib64/libjansson.so.4.10.0
7fad190b4000-7fad190b5000 r--p 0000b000 fd:02 3949 /usr/lib64/libjansson.so.4.10.0
7fad190b5000-7fad190b6000 rw-p 0000c000 fd:02 3949 /usr/lib64/libjansson.so.4.10.0
7fad190b6000-7fad190cc000 r-xp 00000000 fd:02 23590 /usr/lib64/libcjose.so.0.0.0
7fad190cc000-7fad192cc000 ---p 00016000 fd:02 23590 /usr/lib64/libcjose.so.0.0.0
7fad192cc000-7fad192cd000 r--p 00016000 fd:02 23590 /usr/lib64/libcjose.so.0.0.0
7fad192cd000-7fad192ce000 rw-p 00017000 fd:02 23590 /usr/lib64/libcjose.so.0.0.0
7fad192ce000-7fad19334000 r-xp 00000000 fd:02 18628 /usr/lib64/libcurl.so.4.3.0
7fad19334000-7fad19534000 ---p 00066000 fd:02 18628 /usr/lib64/libcurl.so.4.3.0
7fad19534000-7fad19536000 r--p 00066000 fd:02 18628 /usr/lib64/libcurl.so.4.3.0
7fad19536000-7fad19537000 rw-p 00068000 fd:02 18628 /usr/lib64/libcurl.so.4.3.0
7fad19537000-7fad19538000 rw-p 00000000 00:00 0
7fad19538000-7fad1959d000 r-xp 00000000 fd:02 23596 /usr/lib64/httpd/modules/mod_auth_openidc.so
7fad1959d000-7fad1979c000 ---p 00065000 fd:02 23596 /usr/lib64/httpd/modules/mod_auth_openidc.so
7fad1979c000-7fad1979f000 r--p 00064000 fd:02 23596 /usr/lib64/httpd/modules/mod_auth_openidc.so
7fad1979f000-7fad197a0000 rw-p 00067000 fd:02 23596 /usr/lib64/httpd/modules/mod_auth_openidc.so
7fad197a0000-7fad197a6000 r-xp 00000000 fd:02 15871 /usr/lib64/httpd/modules/mod_info.so
7fad197a6000-7fad199a5000 ---p 00006000 fd:02 15871 /usr/lib64/httpd/modules/mod_info.so
7fad199a5000-7fad199a6000 r--p 00005000 fd:02 15871 /usr/lib64/httpd/modules/mod_info.so
7fad199a6000-7fad199a7000 rw-p 00006000 fd:02 15871 /usr/lib64/httpd/modules/mod_info.so
7fad199a7000-7fad199ac000 r-xp 00000000 fd:02 15913 /usr/lib64/httpd/modules/mod_status.so
7fad199ac000-7fad19bab000 ---p 00005000 fd:02 15913 /usr/lib64/httpd/modules/mod_status.so
7fad19bab000-7fad19bac000 r--p 00004000 fd:02 15913 /usr/lib64/httpd/modules/mod_status.so
7fad19bac000-7fad19bad000 rw-p 00005000 fd:02 15913 /usr/lib64/httpd/modules/mod_status.so
7fad19bad000-7fad19bb0000 r-xp 00000000 fd:02 6430 /usr/lib64/httpd/modules/mod_alias.so
7fad19bb0000-7fad19daf000 ---p 00003000 fd:02 6430 /usr/lib64/httpd/modules/mod_alias.so
7fad19daf000-7fad19db0000 r--p 00002000 fd:02 6430 /usr/lib64/httpd/modules/mod_alias.so
7fad19db0000-7fad19db1000 rw-p 00003000 fd:02 6430 /usr/lib64/httpd/modules/mod_alias.so
7fad19db1000-7fad19db7000 r-xp 00000000 fd:02 15876 /usr/lib64/httpd/modules/mod_log_config.so
7fad19db7000-7fad19fb7000 ---p 00006000 fd:02 15876 /usr/lib64/httpd/modules/mod_log_config.so
7fad19fb7000-7fad19fb8000 r--p 00006000 fd:02 15876 /usr/lib64/httpd/modules/mod_log_config.so
7fad19fb8000-7fad19fb9000 rw-p 00007000 fd:02 15876 /usr/lib64/httpd/modules/mod_log_config.so
7fad19fb9000-7fad19fbc000 r-xp 00000000 fd:02 15906 /usr/lib64/httpd/modules/mod_setenvif.so
7fad19fbc000-7fad1a1bb000 ---p 00003000 fd:02 15906 /usr/lib64/httpd/modules/mod_setenvif.so
7fad1a1bb000-7fad1a1bc000 r--p 00002000 fd:02 15906 /usr/lib64/httpd/modules/mod_setenvif.so
7fad1a1bc000-7fad1a1bd000 rw-p 00003000 fd:02 15906 /usr/lib64/httpd/modules/mod_setenvif.so
7fad1a1bd000-7fad1a1c2000 r-xp 00000000 fd:02 15911 /usr/lib64/httpd/modules/mod_socache_shmcb.so
7fad1a1c2000-7fad1a3c1000 ---p 00005000 fd:02 15911 /usr/lib64/httpd/modules/mod_socache_shmcb.so
7fad1a3c1000-7fad1a3c2000 r--p 00004000 fd:02 15911 /usr/lib64/httpd/modules/mod_socache_shmcb.so
7fad1a3c2000-7fad1a3c3000 rw-p 00005000 fd:02 15911 /usr/lib64/httpd/modules/mod_socache_shmcb.so
7fad1a3c3000-7fad1a3c7000 r-xp 00000000 fd:02 15882 /usr/lib64/httpd/modules/mod_mime.so
7fad1a3c7000-7fad1a5c6000 ---p 00004000 fd:02 15882 /usr/lib64/httpd/modules/mod_mime.so
7fad1a5c6000-7fad1a5c7000 r--p 00003000 fd:02 15882 /usr/lib64/httpd/modules/mod_mime.so
7fad1a5c7000-7fad1a5c8000 rw-p 00004000 fd:02 15882 /usr/lib64/httpd/modules/mod_mime.so
7fad1a5c8000-7fad1a5ca000 r-xp 00000000 fd:02 12652 /usr/lib64/httpd/modules/mod_dir.so
7fad1a5ca000-7fad1a7ca000 ---p 00002000 fd:02 12652 /usr/lib64/httpd/modules/mod_dir.so
7fad1a7ca000-7fad1a7cb000 r--p 00002000 fd:02 12652 /usr/lib64/httpd/modules/mod_dir.so
7fad1a7cb000-7fad1a7cc000 rw-p 00003000 fd:02 12652 /usr/lib64/httpd/modules/mod_dir.so
7fad1a7cc000-7fad1a7ce000 r-xp 00000000 fd:02 8746 /usr/lib64/httpd/modules/mod_authz_host.so
7fad1a7ce000-7fad1a9cd000 ---p 00002000 fd:02 8746 /usr/lib64/httpd/modules/mod_authz_host.so
7fad1a9cd000-7fad1a9ce000 r--p 00001000 fd:02 8746 /usr/lib64/httpd/modules/mod_authz_host.so
7fad1a9ce000-7fad1a9cf000 rw-p 00002000 fd:02 8746 /usr/lib64/httpd/modules/mod_authz_host.so
7fad1a9cf000-7fad1a9d4000 r-xp 00000000 fd:02 6453 /usr/lib64/httpd/modules/mod_authz_core.so
7fad1a9d4000-7fad1abd3000 ---p 00005000 fd:02 6453 /usr/lib64/httpd/modules/mod_authz_core.so
7fad1abd3000-7fad1abd4000 r--p 00004000 fd:02 6453 /usr/lib64/httpd/modules/mod_authz_core.so
7fad1abd4000-7fad1abd5000 rw-p 00005000 fd:02 6453 /usr/lib64/httpd/modules/mod_authz_core.so
7fad1abd5000-7fad1abeb000 r-xp 00000000 fd:02 7453 /usr/lib64/libresolv-2.17.so
7fad1abeb000-7fad1adea000 ---p 00016000 fd:02 7453 /usr/lib64/libresolv-2.17.so
7fad1adea000-7fad1adeb000 r--p 00015000 fd:02 7453 /usr/lib64/libresolv-2.17.so
7fad1adeb000-7fad1adec000 rw-p 00016000 fd:02 7453 /usr/lib64/libresolv-2.17.so
7fad1adec000-7fad1adee000 rw-p 00000000 00:00 0
7fad1adee000-7fad1adf1000 r-xp 00000000 fd:02 3465 /usr/lib64/libkeyutils.so.1.5
7fad1adf1000-7fad1aff0000 ---p 00003000 fd:02 3465 /usr/lib64/libkeyutils.so.1.5
7fad1aff0000-7fad1aff1000 r--p 00002000 fd:02 3465 /usr/lib64/libkeyutils.so.1.5
7fad1aff1000-7fad1aff2000 rw-p 00003000 fd:02 3465 /usr/lib64/libkeyutils.so.1.5
7fad1aff2000-7fad1affc000 r-xp 00000000 fd:04 5242948 /application/CA/webagent/bin/libkrb5support.so.0
7fad1affc000-7fad1b0fb000 ---p 0000a000 fd:04 5242948 /application/CA/webagent/bin/libkrb5support.so.0
7fad1b0fb000-7fad1b0fc000 rw-p 00009000 fd:04 5242948 /application/CA/webagent/bin/libkrb5support.so.0
7fad1b0fc000-7fad1b0ff000 r-xp 00000000 fd:04 5242947 /application/CA/webagent/bin/libcom_err.so.3
7fad1b0ff000-7fad1b1fe000 ---p 00003000 fd:04 5242947 /application/CA/webagent/bin/libcom_err.so.3
7fad1b1fe000-7fad1b1ff000 rw-p 00002000 fd:04 5242947 /application/CA/webagent/bin/libcom_err.so.3
7fad1b1ff000-7fad1b230000 r-xp 00000000 fd:04 5242946 /application/CA/webagent/bin/libk5crypto.so.3
7fad1b230000-7fad1b32f000 ---p 00031000 fd:04 5242946 /application/CA/webagent/bin/libk5crypto.so.3
7fad1b32f000-7fad1b331000 rw-p 00030000 fd:04 5242946 /application/CA/webagent/bin/libk5crypto.so.3
7fad1b331000-7fad1b332000 rw-p 00000000 00:00 0
7fad1b332000-7fad1b335000 r-xp 00000000 fd:02 8205 /usr/lib64/libcom_err.so.2.1
7fad1b335000-7fad1b534000 ---p 00003000 fd:02 8205 /usr/lib64/libcom_err.so.2.1
7fad1b534000-7fad1b535000 r--p 00002000 fd:02 8205 /usr/lib64/libcom_err.so.2.1
7fad1b535000-7fad1b536000 rw-p 00003000 fd:02 8205 /usr/lib64/libcom_err.so.2.1
7fad1b536000-7fad1b5eb000 r-xp 00000000 fd:04 5242944 /application/CA/webagent/bin/libkrb5.so.3
7fad1b5eb000-7fad1b6eb000 ---p 000b5000 fd:04 5242944 /application/CA/webagent/bin/libkrb5.so.3
7fad1b6eb000-7fad1b6f9000 rw-p 000b5000 fd:04 5242944 /application/CA/webagent/bin/libkrb5.so.3
7fad1b6f9000-7fad1b739000 r-xp 00000000 fd:04 5242945 /application/CA/webagent/bin/libgssapi_krb5.so.2
7fad1b739000-7fad1b838000 ---p 00040000 fd:04 5242945 /application/CA/webagent/bin/libgssapi_krb5.so.2
7fad1b838000-7fad1b83b000 rw-p 0003f000 fd:04 5242945 /application/CA/webagent/bin/libgssapi_krb5.so.2
7fad1b83b000-7fad1ba71000 r-xp 00000000 fd:02 5611 /usr/lib64/libcrypto.so.1.0.2k
7fad1ba71000-7fad1bc71000 ---p 00236000 fd:02 5611 /usr/lib64/libcrypto.so.1.0.2k
7fad1bc71000-7fad1bc8d000 r--p 00236000 fd:02 5611 /usr/lib64/libcrypto.so.1.0.2k
7fad1bc8d000-7fad1bc9a000 rw-p 00252000 fd:02 5611 /usr/lib64/libcrypto.so.1.0.2k
7fad1bc9a000-7fad1bc9e000 rw-p 00000000 00:00 0
7fad1bc9e000-7fad1bd05000 r-xp 00000000 fd:02 5613 /usr/lib64/libssl.so.1.0.2k
7fad1bd05000-7fad1bf05000 ---p 00067000 fd:02 5613 /usr/lib64/libssl.so.1.0.2k
7fad1bf05000-7fad1bf09000 r--p 00067000 fd:02 5613 /usr/lib64/libssl.so.1.0.2k
7fad1bf09000-7fad1bf10000 rw-p 0006b000 fd:02 5613 /usr/lib64/libssl.so.1.0.2k
7fad1bf10000-7fad1bf42000 r-xp 00000000 fd:02 12668 /usr/lib64/httpd/modules/mod_ssl.so
7fad1bf42000-7fad1c142000 ---p 00032000 fd:02 12668 /usr/lib64/httpd/modules/mod_ssl.so
7fad1c142000-7fad1c144000 r--p 00032000 fd:02 12668 /usr/lib64/httpd/modules/mod_ssl.so
7fad1c144000-7fad1c145000 rw-p 00034000 fd:02 12668 /usr/lib64/httpd/modules/mod_ssl.so
7fad1c145000-7fad1c147000 rw-p 00000000 00:00 0
7fad1c147000-7fad1c156000 r-xp 00000000 fd:02 15904 /usr/lib64/httpd/modules/mod_rewrite.so
7fad1c156000-7fad1c356000 ---p 0000f000 fd:02 15904 /usr/lib64/httpd/modules/mod_rewrite.so
7fad1c356000-7fad1c357000 r--p 0000f000 fd:02 15904 /usr/lib64/httpd/modules/mod_rewrite.so
7fad1c357000-7fad1c358000 rw-p 00010000 fd:02 15904 /usr/lib64/httpd/modules/mod_rewrite.so
7fad1c358000-7fad1c35b000 r-xp 00000000 fd:02 15918 /usr/lib64/httpd/modules/mod_unixd.so
7fad1c35b000-7fad1c55a000 ---p 00003000 fd:02 15918 /usr/lib64/httpd/modules/mod_unixd.so
7fad1c55a000-7fad1c55b000 r--p 00002000 fd:02 15918 /usr/lib64/httpd/modules/mod_unixd.so
7fad1c55b000-7fad1c55c000 rw-p 00003000 fd:02 15918 /usr/lib64/httpd/modules/mod_unixd.so
7fad1c55c000-7fad1c563000 r-xp 00000000 fd:02 15885 /usr/lib64/httpd/modules/mod_mpm_prefork.so
7fad1c563000-7fad1c762000 ---p 00007000 fd:02 15885 /usr/lib64/httpd/modules/mod_mpm_prefork.so
7fad1c762000-7fad1c763000 r--p 00006000 fd:02 15885 /usr/lib64/httpd/modules/mod_mpm_prefork.so
7fad1c763000-7fad1c764000 rw-p 00007000 fd:02 15885 /usr/lib64/httpd/modules/mod_mpm_prefork.so
7fad1c764000-7fad1c773000 r-xp 00000000 fd:02 3399 /usr/lib64/libbz2.so.1.0.6
7fad1c773000-7fad1c972000 ---p 0000f000 fd:02 3399 /usr/lib64/libbz2.so.1.0.6
7fad1c972000-7fad1c973000 r--p 0000e000 fd:02 3399 /usr/lib64/libbz2.so.1.0.6
7fad1c973000-7fad1c974000 rw-p 0000f000 fd:02 3399 /usr/lib64/libbz2.so.1.0.6
7fad1c974000-7fad1c999000 r-xp 00000000 fd:02 3298 /usr/lib64/liblzma.so.5.2.2
7fad1c999000-7fad1cb98000 ---p 00025000 fd:02 3298 /usr/lib64/liblzma.so.5.2.2
7fad1cb98000-7fad1cb99000 r--p 00024000 fd:02 3298 /usr/lib64/liblzma.so.5.2.2
7fad1cb99000-7fad1cb9a000 rw-p 00025000 fd:02 3298 /usr/lib64/liblzma.so.5.2.2
7fad1cb9a000-7fad1cbaf000 r-xp 00000000 fd:02 3182 /usr/lib64/libz.so.1.2.7
7fad1cbaf000-7fad1cdae000 ---p 00015000 fd:02 3182 /usr/lib64/libz.so.1.2.7
7fad1cdae000-7fad1cdaf000 r--p 00014000 fd:02 3182 /usr/lib64/libz.so.1.2.7
7fad1cdaf000-7fad1cdb0000 rw-p 00015000 fd:02 3182 /usr/lib64/libz.so.1.2.7
7fad1cdb0000-7fad1cdc7000 r-xp 00000000 fd:02 3463 /usr/lib64/libelf-0.176.so
7fad1cdc7000-7fad1cfc6000 ---p 00017000 fd:02 3463 /usr/lib64/libelf-0.176.so
7fad1cfc6000-7fad1cfc7000 r--p 00016000 fd:02 3463 /usr/lib64/libelf-0.176.so
7fad1cfc7000-7fad1cfc8000 rw-p 00017000 fd:02 3463 /usr/lib64/libelf-0.176.so
7fad1cfc8000-7fad1cfcc000 r-xp 00000000 fd:02 3479 /usr/lib64/libattr.so.1.1.0
7fad1cfcc000-7fad1d1cb000 ---p 00004000 fd:02 3479 /usr/lib64/libattr.so.1.1.0
7fad1d1cb000-7fad1d1cc000 r--p 00003000 fd:02 3479 /usr/lib64/libattr.so.1.1.0
7fad1d1cc000-7fad1d1cd000 rw-p 00004000 fd:02 3479 /usr/lib64/libattr.so.1.1.0
7fad1d1cd000-7fad1d21b000 r-xp 00000000 fd:02 18888 /usr/lib64/libdw-0.176.so
7fad1d21b000-7fad1d41b000 ---p 0004e000 fd:02 18888 /usr/lib64/libdw-0.176.so
7fad1d41b000-7fad1d41d000 r--p 0004e000 fd:02 18888 /usr/lib64/libdw-0.176.so
7fad1d41d000-7fad1d41e000 rw-p 00050000 fd:02 18888 /usr/lib64/libdw-0.176.so
7fad1d41e000-7fad1d422000 r-xp 00000000 fd:02 3481 /usr/lib64/libcap.so.2.22
7fad1d422000-7fad1d621000 ---p 00004000 fd:02 3481 /usr/lib64/libcap.so.2.22
7fad1d621000-7fad1d622000 r--p 00003000 fd:02 3481 /usr/lib64/libcap.so.2.22
7fad1d622000-7fad1d623000 rw-p 00004000 fd:02 3481 /usr/lib64/libcap.so.2.22
7fad1d623000-7fad1d629000 r-xp 00000000 fd:02 10300 /usr/lib64/libsystemd-daemon.so.0.0.12
7fad1d629000-7fad1d828000 ---p 00006000 fd:02 10300 /usr/lib64/libsystemd-daemon.so.0.0.12
7fad1d828000-7fad1d829000 r--p 00005000 fd:02 10300 /usr/lib64/libsystemd-daemon.so.0.0.12
7fad1d829000-7fad1d82a000 rw-p 00006000 fd:02 10300 /usr/lib64/libsystemd-daemon.so.0.0.12
7fad1d82a000-7fad1d82c000 r-xp 00000000 fd:02 15916 /usr/lib64/httpd/modules/mod_systemd.so
7fad1d82c000-7fad1da2b000 ---p 00002000 fd:02 15916 /usr/lib64/httpd/modules/mod_systemd.so
7fad1da2b000-7fad1da2c000 r--p 00001000 fd:02 15916 /usr/lib64/httpd/modules/mod_systemd.so
7fad1da2c000-7fad1da2d000 rw-p 00002000 fd:02 15916 /usr/lib64/httpd/modules/mod_systemd.so
7fad1da2d000-7fad1da42000 r-xp 00000000 fd:02 13 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fad1da42000-7fad1dc41000 ---p 00015000 fd:02 13 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fad1dc41000-7fad1dc42000 r--p 00014000 fd:02 13 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fad1dc42000-7fad1dc43000 rw-p 00015000 fd:02 13 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fad1dc43000-7fad1dd44000 r-xp 00000000 fd:02 6434 /usr/lib64/libm-2.17.so
7fad1dd44000-7fad1df43000 ---p 00101000 fd:02 6434 /usr/lib64/libm-2.17.so
7fad1df43000-7fad1df44000 r--p 00100000 fd:02 6434 /usr/lib64/libm-2.17.so
7fad1df44000-7fad1df45000 rw-p 00101000 fd:02 6434 /usr/lib64/libm-2.17.so
7fad1df45000-7fad1e02e000 r-xp 00000000 fd:02 8754 /usr/lib64/libstdc++.so.6.0.19
7fad1e02e000-7fad1e22d000 ---p 000e9000 fd:02 8754 /usr/lib64/libstdc++.so.6.0.19
7fad1e22d000-7fad1e235000 r--p 000e8000 fd:02 8754 /usr/lib64/libstdc++.so.6.0.19
7fad1e235000-7fad1e237000 rw-p 000f0000 fd:02 8754 /usr/lib64/libstdc++.so.6.0.19
7fad1e237000-7fad1e24c000 rw-p 00000000 00:00 0
7fad1e24c000-7fad1e253000 r-xp 00000000 fd:02 7457 /usr/lib64/librt-2.17.so
7fad1e253000-7fad1e452000 ---p 00007000 fd:02 7457 /usr/lib64/librt-2.17.so
7fad1e452000-7fad1e453000 r--p 00006000 fd:02 7457 /usr/lib64/librt-2.17.so
7fad1e453000-7fad1e454000 rw-p 00007000 fd:02 7457 /usr/lib64/librt-2.17.so
7fad1e454000-7fad1e4b0000 r-xp 00000000 fd:04 5242911 /application/CA/webagent/bin/libSmXlate.so
7fad1e4b0000-7fad1e5af000 ---p 0005c000 fd:04 5242911 /application/CA/webagent/bin/libSmXlate.so
7fad1e5af000-7fad1e5b3000 rw-p 0005b000 fd:04 5242911 /application/CA/webagent/bin/libSmXlate.so
7fad1e5b3000-7fad1e724000 r-xp 00000000 fd:04 5242928 /application/CA/webagent/bin/libicuuc.so.49
7fad1e724000-7fad1e824000 ---p 00171000 fd:04 5242928 /application/CA/webagent/bin/libicuuc.so.49
7fad1e824000-7fad1e836000 rw-p 00171000 fd:04 5242928 /application/CA/webagent/bin/libicuuc.so.49
7fad1e836000-7fad1e839000 rw-p 00000000 00:00 0
7fad1e839000-7fad1e844000 r-xp 00000000 fd:04 5242930 /application/CA/webagent/bin/libicuio.so.49
7fad1e844000-7fad1e944000 ---p 0000b000 fd:04 5242930 /application/CA/webagent/bin/libicuio.so.49
7fad1e944000-7fad1e946000 rw-p 0000b000 fd:04 5242930 /application/CA/webagent/bin/libicuio.so.49
7fad1e946000-7fad1eb63000 r-xp 00000000 fd:04 5242931 /application/CA/webagent/bin/libicui18n.so.49
7fad1eb63000-7fad1ec63000 ---p 0021d000 fd:04 5242931 /application/CA/webagent/bin/libicui18n.so.49
7fad1ec63000-7fad1ec70000 rw-p 0021d000 fd:04 5242931 /application/CA/webagent/bin/libicui18n.so.49
7fad1ec70000-7fad1ec71000 rw-p 00000000 00:00 0
7fad1ec71000-7fad1fd91000 r-xp 00000000 fd:04 5242926 /application/CA/webagent/bin/libicudata.so.49
7fad1fd91000-7fad1fe90000 ---p 01120000 fd:04 5242926 /application/CA/webagent/bin/libicudata.so.49
7fad1fe90000-7fad1fe91000 rw-p 0111f000 fd:04 5242926 /application/CA/webagent/bin/libicudata.so.49
7fad1fe91000-7fad1ff22000 r-xp 00000000 fd:04 5242910 /application/CA/webagent/bin/libsmi18n.so
7fad1ff22000-7fad20021000 ---p 00091000 fd:04 5242910 /application/CA/webagent/bin/libsmi18n.so
7fad20021000-7fad20024000 rw-p 00090000 fd:04 5242910 /application/CA/webagent/bin/libsmi18n.so
7fad20024000-7fad200a8000 r-xp 00000000 fd:04 5242909 /application/CA/webagent/bin/libsmcommonutil.so
7fad200a8000-7fad201a7000 ---p 00084000 fd:04 5242909 /application/CA/webagent/bin/libsmcommonutil.so
7fad201a7000-7fad201ad000 rw-p 00083000 fd:04 5242909 /application/CA/webagent/bin/libsmcommonutil.so
7fad201ad000-7fad201b3000 r-xp 00000000 fd:04 5242923 /application/CA/webagent/bin/libsmeventlogger.so
7fad201b3000-7fad202b3000 ---p 00006000 fd:04 5242923 /application/CA/webagent/bin/libsmeventlogger.so
7fad202b3000-7fad202b4000 rw-p 00006000 fd:04 5242923 /application/CA/webagent/bin/libsmeventlogger.so
7fad202b4000-7fad204e2000 r-xp 00000000 fd:04 5242941 /application/CA/webagent/bin/libmod_sm24.so
7fad204e2000-7fad205e2000 ---p 0022e000 fd:04 5242941 /application/CA/webagent/bin/libmod_sm24.so
7fad205e2000-7fad205e9000 rw-p 0022e000 fd:04 5242941 /application/CA/webagent/bin/libmod_sm24.so
7fad205e9000-7fad205ea000 rw-p 00000000 00:00 0
7fad205ea000-7fad205ec000 r-xp 00000000 fd:02 2720 /usr/lib64/libfreebl3.so
7fad205ec000-7fad207eb000 ---p 00002000 fd:02 2720 /usr/lib64/libfreebl3.so
7fad207eb000-7fad207ec000 r--p 00001000 fd:02 2720 /usr/lib64/libfreebl3.so
7fad207ec000-7fad207ed000 rw-p 00002000 fd:02 2720 /usr/lib64/libfreebl3.so
7fad207ed000-7fad207f1000 r-xp 00000000 fd:02 9124 /usr/lib64/libuuid.so.1.3.0
7fad207f1000-7fad209f0000 ---p 00004000 fd:02 9124 /usr/lib64/libuuid.so.1.3.0
7fad209f0000-7fad209f1000 r--p 00003000 fd:02 9124 /usr/lib64/libuuid.so.1.3.0
7fad209f1000-7fad209f2000 rw-p 00004000 fd:02 9124 /usr/lib64/libuuid.so.1.3.0
7fad209f2000-7fad20bb5000 r-xp 00000000 fd:02 3001 /usr/lib64/libc-2.17.so
7fad20bb5000-7fad20db5000 ---p 001c3000 fd:02 3001 /usr/lib64/libc-2.17.so
7fad20db5000-7fad20db9000 r--p 001c3000 fd:02 3001 /usr/lib64/libc-2.17.so
7fad20db9000-7fad20dbb000 rw-p 001c7000 fd:02 3001 /usr/lib64/libc-2.17.so
7fad20dbb000-7fad20dc0000 rw-p 00000000 00:00 0
7fad20dc0000-7fad20dc2000 r-xp 00000000 fd:02 3008 /usr/lib64/libdl-2.17.so
7fad20dc2000-7fad20fc2000 ---p 00002000 fd:02 3008 /usr/lib64/libdl-2.17.so
7fad20fc2000-7fad20fc3000 r--p 00002000 fd:02 3008 /usr/lib64/libdl-2.17.so
7fad20fc3000-7fad20fc4000 rw-p 00003000 fd:02 3008 /usr/lib64/libdl-2.17.so
7fad20fc4000-7fad20fdb000 r-xp 00000000 fd:02 3029 /usr/lib64/libpthread-2.17.so
7fad20fdb000-7fad211da000 ---p 00017000 fd:02 3029 /usr/lib64/libpthread-2.17.so
7fad211da000-7fad211db000 r--p 00016000 fd:02 3029 /usr/lib64/libpthread-2.17.so
7fad211db000-7fad211dc000 rw-p 00017000 fd:02 3029 /usr/lib64/libpthread-2.17.so
7fad211dc000-7fad211e0000 rw-p 00000000 00:00 0
7fad211e0000-7fad2120d000 r-xp 00000000 fd:02 3391 /usr/lib64/libapr-1.so.0.4.8
7fad2120d000-7fad2140d000 ---p 0002d000 fd:02 3391 /usr/lib64/libapr-1.so.0.4.8
7fad2140d000-7fad2140e000 r--p 0002d000 fd:02 3391 /usr/lib64/libapr-1.so.0.4.8
7fad2140e000-7fad2140f000 rw-p 0002e000 fd:02 3391 /usr/lib64/libapr-1.so.0.4.8
7fad2140f000-7fad215c3000 r-xp 00000000 fd:02 9471 /usr/lib64/libdb-5.3.so
7fad215c3000-7fad217c3000 ---p 001b4000 fd:02 9471 /usr/lib64/libdb-5.3.so
7fad217c3000-7fad217ca000 r--p 001b4000 fd:02 9471 /usr/lib64/libdb-5.3.so
7fad217ca000-7fad217cd000 rw-p 001bb000 fd:02 9471 /usr/lib64/libdb-5.3.so
7fad217cd000-7fad217f4000 r-xp 00000000 fd:02 3491 /usr/lib64/libexpat.so.1.6.0
7fad217f4000-7fad219f4000 ---p 00027000 fd:02 3491 /usr/lib64/libexpat.so.1.6.0
7fad219f4000-7fad219f6000 r--p 00027000 fd:02 3491 /usr/lib64/libexpat.so.1.6.0
7fad219f6000-7fad219f7000 rw-p 00029000 fd:02 3491 /usr/lib64/libexpat.so.1.6.0
7fad219f7000-7fad219ff000 r-xp 00000000 fd:02 3006 /usr/lib64/libcrypt-2.17.so
7fad219ff000-7fad21bfe000 ---p 00008000 fd:02 3006 /usr/lib64/libcrypt-2.17.so
7fad21bfe000-7fad21bff000 r--p 00007000 fd:02 3006 /usr/lib64/libcrypt-2.17.so
7fad21bff000-7fad21c00000 rw-p 00008000 fd:02 3006 /usr/lib64/libcrypt-2.17.so
7fad21c00000-7fad21c2e000 rw-p 00000000 00:00 0
7fad21c2e000-7fad21c56000 r-xp 00000000 fd:02 6405 /usr/lib64/libaprutil-1.so.0.5.2
7fad21c56000-7fad21e55000 ---p 00028000 fd:02 6405 /usr/lib64/libaprutil-1.so.0.5.2
7fad21e55000-7fad21e56000 r--p 00027000 fd:02 6405 /usr/lib64/libaprutil-1.so.0.5.2
7fad21e56000-7fad21e57000 rw-p 00028000 fd:02 6405 /usr/lib64/libaprutil-1.so.0.5.2
7fad21e57000-7fad21e7b000 r-xp 00000000 fd:02 3180 /usr/lib64/libselinux.so.1
7fad21e7b000-7fad2207a000 ---p 00024000 fd:02 3180 /usr/lib64/libselinux.so.1
7fad2207a000-7fad2207b000 r--p 00023000 fd:02 3180 /usr/lib64/libselinux.so.1
7fad2207b000-7fad2207c000 rw-p 00024000 fd:02 3180 /usr/lib64/libselinux.so.1
7fad2207c000-7fad2207e000 rw-p 00000000 00:00 0
7fad2207e000-7fad220de000 r-xp 00000000 fd:02 3169 /usr/lib64/libpcre.so.1.2.0
7fad220de000-7fad222de000 ---p 00060000 fd:02 3169 /usr/lib64/libpcre.so.1.2.0
7fad222de000-7fad222df000 r--p 00060000 fd:02 3169 /usr/lib64/libpcre.so.1.2.0
7fad222df000-7fad222e0000 rw-p 00061000 fd:02 3169 /usr/lib64/libpcre.so.1.2.0
7fad222e0000-7fad22302000 r-xp 00000000 fd:02 6414 /usr/lib64/ld-2.17.so
7fad2237f000-7fad223ab000 r-xp 00000000 fd:04 5242905 /application/CA/webagent/bin/libsmerrlog.so
7fad223ab000-7fad224aa000 ---p 0002c000 fd:04 5242905 /application/CA/webagent/bin/libsmerrlog.so
7fad224aa000-7fad224ad000 rw-p 0002b000 fd:04 5242905 /application/CA/webagent/bin/libsmerrlog.so
7fad224ad000-7fad224f6000 rw-p 00000000 00:00 0
7fad224ff000-7fad22500000 rw-p 00000000 00:00 0
7fad22500000-7fad22501000 rw-p 00000000 00:00 0
7fad22501000-7fad22502000 r--p 00021000 fd:02 6414 /usr/lib64/ld-2.17.so
7fad22502000-7fad22503000 rw-p 00022000 fd:02 6414 /usr/lib64/ld-2.17.so
7fad22503000-7fad22504000 rw-p 00000000 00:00 0
7fffdebb9000-7fffdebda000 rw-p 00000000 00:00 0 [stack]
7fffdebee000-7fffdebf0000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

I tried to trace the error to the code, but I did not get any closer to a solution.
It seems like allocation did return a wrong pointer, but I wasn't able to figure out why yet.

Do you have an idea what is going on here?

Thanks.

Local validation of JWT access token

Hi,

  1. I would like the OAuth module to validate the JWT access token locally, like JWT signature validation, and give access based on a claim 'sub' or 'scope'. I am not seeing anything happening like this in the logs or how to do it in the configuration.
  2. LogLevel is set to debug and I see only logs from the oidc module auth_openidc:debug. I do not see any logs from the oauth2 module.
  3. If I comment out the line "OAuth2TokenVerify introspect ...", I am not able to access the protected resource. I think local validation of the JWT should happen.

Configuration:
<Location /example/oauth20>
AuthType oauth2
Require valid-user

OAuth2TokenVerify introspect https://xyz.com/introspect introspect.ssl_verify=false&introspect.auth=client_secret_post&client_id=clientid&client_secret=xxxxx=
OAuth2TokenVerify jwks_uri https://xyz.com/jwks jwks_uri.ssl_verify=false

#OAuth2AcceptTokenIn environment name=OIDC_access_token
OAuth2AcceptTokenIn query name=access_token
</Location>

Your help is highly appreciated.
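
What local validation of a JWT access token involves, as an added example (not mod_oauth2 or liboauth2 code, and not part of the original post): verifying an RS256 signature against a JWKS with the algorithm pinned by the verifier, then deciding access on `sub` and `scope`. All function names and the `demo-1` key, which is built from two Mersenne primes and is trivially factorable, are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key: two well-known Mersenne primes, so no key generation
# is needed. Trivially factorable; for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


class TokenError(Exception):
    """Raised when a token must be rejected."""


def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def demo_jwks():
    """JWKS document as an authorization server would publish it."""
    return {"keys": [{"kty": "RSA", "kid": "demo-1", "use": "sig",
                      "n": b64u(N.to_bytes(K, "big")),
                      "e": b64u(E.to_bytes(3, "big"))}]}


def mint(claims, header=None):
    """Stand-in for the authorization server: sign claims with the demo key."""
    header = header or {"alg": "RS256", "typ": "JWT", "kid": "demo-1"}
    signing_input = (b64u(json.dumps(header).encode()) + "."
                     + b64u(json.dumps(claims).encode()))
    em = int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), K), "big")
    return signing_input + "." + b64u(pow(em, D, N).to_bytes(K, "big"))


def verify_jwt(token, jwks, now):
    """Return the claims if signature and expiry check out, else raise."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
    except ValueError as exc:          # bad segment count, base64 or JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm on the verifier side; never let the token choose it.
    if header.get("alg") != "RS256":
        raise TokenError("unexpected alg")
    kid = header.get("kid")
    key = next((k for k in jwks["keys"] if k.get("kid") == kid), None)
    if key is None or key.get("kty") != "RSA":
        raise TokenError("unknown kid")
    n = int.from_bytes(b64u_dec(key["n"]), "big")
    e = int.from_bytes(b64u_dec(key["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise TokenError("bad signature")
    # Rebuild the expected block and compare it whole; do not parse padding.
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise TokenError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool) or now >= exp:
        raise TokenError("expired or missing exp")
    return claims


def authorize(claims, required_scope=None, allowed_subs=None):
    """Claim-based decision on already verified claims."""
    scope = claims.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    if required_scope is not None and required_scope not in granted:
        return False               # whole-token match: "read" != "readwrite"
    if allowed_subs is not None and claims.get("sub") not in allowed_subs:
        return False
    return True


if __name__ == "__main__":
    now = 1_700_000_000            # fixed clock for a reproducible run
    tok = mint({"sub": "alice", "scope": "read profile", "exp": now + 300})
    print(authorize(verify_jwt(tok, demo_jwks(), now), required_scope="read"))
```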

Segmentation fault (core dumped) on Debian 10

I compiled mod_oauth2 and liboauth2 on Debian 10, and I get a segmentation fault (core dumped) after a few minutes (one time after 30 seconds, another time after 5 minutes...).

Full log:

[Tue Sep 01 12:52:33.983683 2020] [mpm_event:notice] [pid 2392:tid 140672166208640] AH00492: caught SIGWINCH, shutting down gracefully
Segmentation fault (core dumped)
Action '-D FOREGROUND' failed.
The Apache error log may have more information

In the core dump I have:

(gdb) bt full
#0  0x00007ff0ca4c973f in oauth2_apache_child_cleanup (data=0x555d629dceb0, m=0x7ff0ca503180 <oauth2_module>, 
    package_name_version=0x7ff0ca501013 "mod_oauth2-3.1.0") at src/server/apache.c:144
        cfg = 0x0
        sp = 0x555d629dceb0
#1  0x00007ff0ca4c9812 in oauth2_apache_parent_cleanup (data=0x7ff0ca7c44a0, m=0x7ff0ca503180 <oauth2_module>, 
    package_name_version=0x7ff0ca501013 "mod_oauth2-3.1.0") at src/server/apache.c:161
        s = 0x7ff0ca7c44a0
        cfg = 0x555d629dceb0
        __FUNCTION__ = "oauth2_apache_parent_cleanup"
#2  0x00007ff0caa85a3e in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
No symbol table info available.
#3  0x00007ff0caa85a15 in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
No symbol table info available.
#4  0x0000555d6156e4e8 in ?? ()
No symbol table info available.
#5  0x0000555d6156dfa1 in main ()
No symbol table info available.
(gdb)

Apache2 version:

apache2 -V 
[Tue Sep 01 13:25:59.937675 2020] [core:warn] [pid 2637] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Server version: Apache/2.4.38 (Debian)
Server built:   2019-10-15T19:53:42
Server's Module Magic Number: 20120211:84
Server loaded:  APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

Redis ACL (user/pass) support?

Is it currently possible to utilize a Redis username AND password when authenticating to Redis?

The documentation mentions the ability to pass a password, but quite a few years back Redis began supporting true ACLs, meaning you can now authenticate with a username AND a password.

I'd like to know: if I pass something like "OAuth2username" or "username" or "OAuth2redisusername", will it be able to authenticate with a username and password?

Please document the default values of the options

I am trying to migrate from mod_auth_openidc, but I find the documentation inside the conf-file very confusing and lackluster.

For example, I am trying to find out which of the options like ssl_verify and verify.exp I actually need to specify. Unfortunately, their default values don't seem to be documented.

Access control <RequireAny> sets WWW-Authenticate header - insufficient_scope

We use Apache 2.4, mod_oauth 3.3.0.

In the Apache configuration we have access control configuration as below:

# Any of the audiences will be allowed.
<RequireAny>
  Require oauth2_claim 'aud:kubepie'
  Require oauth2_claim 'aud:jupyterhub'
  Require oauth2_claim 'aud:jupyterhub-review'
</RequireAny>

When we access the protected directory (Apache autoindex) using a valid bearer token, we get access, but the response contains plenty of headers like the one below:

< www-authenticate: Bearer error="insufficient_scope", error_description="Different scope(s) or other claims required."

Corresponding debug logs:

[Fri Jan 20 15:21:11.548245 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(211): [client 192.168.20.17:0] oauth2_authz_checker: enter
[Fri Jan 20 15:21:11.548263 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(1024): [client 192.168.20.17:0] oauth2_apache_authorize: evaluating claim/expr specification: aud:kubepie
[Fri Jan 20 15:21:11.548266 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "exp"
[Fri Jan 20 15:21:11.548268 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "iat"
...
[Fri Jan 20 15:21:11.548287 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(839): [client 192.168.20.17:0] oauth2_apache_authz_match_value: matching: spec_c=kubepie, key=aud
...
[Fri Jan 20 15:21:11.548319 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(366): [client 192.168.20.17:0] oauth2_apache_return_www_authenticate: enter
[Fri Jan 20 15:21:11.548322 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(458): [client 192.168.20.17:0] oauth2_apache_hdr_out_add: WWW-Authenticate: Bearer error="insufficient_scope", error_description="Different scope(s) or other claims required."
[Fri Jan 20 15:21:11.548325 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(390): [client 192.168.20.17:0] oauth2_apache_return_www_authenticate: leave
[Fri Jan 20 15:21:11.548327 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(232): [client 192.168.20.17:0] oauth2_authz_checker: setting environment variable OAUTH2_BEARER_SCOPE_ERROR to "Bearer error="insufficient_scope", error_description="Different scope(s) or other claims required."" for usage in mod_headers
[Fri Jan 20 15:21:11.548330 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(240): [client 192.168.20.17:0] oauth2_authz_checker: leave
[Fri Jan 20 15:21:11.548331 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of Require oauth2_claim 'aud:kubepie': denied
[Fri Jan 20 15:21:11.548334 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(211): [client 192.168.20.17:0] oauth2_authz_checker: enter
[Fri Jan 20 15:21:11.548353 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(1024): [client 192.168.20.17:0] oauth2_apache_authorize: evaluating claim/expr specification: aud:jupyterhub
[Fri Jan 20 15:21:11.548355 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "exp"
[Fri Jan 20 15:21:11.548357 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "iat"
...
[Fri Jan 20 15:21:11.548365 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(839): [client 192.168.20.17:0] oauth2_apache_authz_match_value: matching: spec_c=jupyterhub, key=aud
[Fri Jan 20 15:21:11.548366 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "sub"
...
[Fri Jan 20 15:21:11.548398 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(366): [client 192.168.20.17:0] oauth2_apache_return_www_authenticate: enter
[Fri Jan 20 15:21:11.548400 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(458): [client 192.168.20.17:0] oauth2_apache_hdr_out_add: WWW-Authenticate: Bearer error="insufficient_scope", error_description="Different scope(s) or other claims required."
[Fri Jan 20 15:21:11.548402 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(390): [client 192.168.20.17:0] oauth2_apache_return_www_authenticate: leave
[Fri Jan 20 15:21:11.548404 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(232): [client 192.168.20.17:0] oauth2_authz_checker: setting environment variable OAUTH2_BEARER_SCOPE_ERROR to "Bearer error="insufficient_scope", error_description="Different scope(s) or other claims required."" for usage in mod_headers
[Fri Jan 20 15:21:11.548407 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(240): [client 192.168.20.17:0] oauth2_authz_checker: leave
[Fri Jan 20 15:21:11.548408 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of Require oauth2_claim 'aud:jupyterhub': denied
[Fri Jan 20 15:21:11.548410 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(211): [client 192.168.20.17:0] oauth2_authz_checker: enter
[Fri Jan 20 15:21:11.548428 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(1024): [client 192.168.20.17:0] oauth2_apache_authorize: evaluating claim/expr specification: aud:jupyterhub-review
[Fri Jan 20 15:21:11.548431 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "exp"
[Fri Jan 20 15:21:11.548433 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(927): [client 192.168.20.17:0] oauth2_apache_authz_match_claim: evaluating key "iat"
...
[Fri Jan 20 15:21:11.548441 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(839): [client 192.168.20.17:0] oauth2_apache_authz_match_value: matching: spec_c=jupyterhub-review, key=aud
[Fri Jan 20 15:21:11.548443 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/server/apache.c(1029): [client 192.168.20.17:0] oauth2_apache_authorize: require claim/expr 'aud:jupyterhub-review' matched
[Fri Jan 20 15:21:11.548446 2023] [oauth2:debug] [pid 7:tid 140689342269184] src/mod_oauth2.c(240): [client 192.168.20.17:0] oauth2_authz_checker: leave
[Fri Jan 20 15:21:11.548448 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of Require oauth2_claim 'aud:jupyterhub-review': granted
[Fri Jan 20 15:21:11.548450 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of <RequireAny>: granted
[Fri Jan 20 15:21:11.548451 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of <RequireAll>: granted
[Fri Jan 20 15:21:11.548453 2023] [authz_core:debug] [pid 7:tid 140689342269184] mod_authz_core.c(815): [client 192.168.20.17:0] AH01626: authorization result of <RequireAny>: granted


It seems that this issue might have been fixed in OpenIDC/mod_auth_openidc@8ed00cc but was not propagated to the OAuth2 module.

Could you, please, take a look at it and fix or recommend a solution for us?

/cc @manfuin
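
A log check for the behaviour reported above, as an added example that is not part of the original issue or the project's code: it scans Apache debug logs for requests that authz_core granted overall while insufficient_scope challenges had already been added for denied sibling Require lines. It assumes LogLevel debug output in the layout quoted above and treats oauth2_apache_request_context_init as the start of a request on a worker thread; the helper names and the sample lines are constructed.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "pid tid client challenges denied")
LINE = re.compile(r"\[pid (\d+):tid (\d+)\] .*?\[client ([^\]]+)\] (.*)$")
RESULT = re.compile(r"AH01626: authorization result of (.*): (granted|denied)")
START = "oauth2_apache_request_context_init:"  # assumed per-thread request boundary
CHALLENGE = 'oauth2_apache_hdr_out_add: WWW-Authenticate: Bearer error="insufficient_scope"'

def find_spurious_challenges(log_text):
    """Requests granted overall that still had insufficient_scope challenges added."""
    open_reqs, findings = {}, []
    def flush(key):
        req = open_reqs.pop(key, None)
        if req and req["challenges"] and req["result"] == "granted":
            findings.append(Finding(*key, req["client"], req["challenges"], req["denied"]))
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key, client, msg = m.groups()[:2], m.group(3), m.group(4)
        if msg.startswith(START):
            flush(key)  # a new request on this worker thread closes the previous one
        req = open_reqs.setdefault(
            key, {"client": client, "challenges": 0, "denied": [], "result": None})
        if msg.startswith(CHALLENGE):
            req["challenges"] += 1
        r = RESULT.search(msg)
        if r:
            spec, verdict = r.groups()
            req["result"] = verdict  # the outermost container is logged last
            if verdict == "denied" and spec.startswith("Require "):
                req["denied"].append(spec)
    for key in list(open_reqs):
        flush(key)  # end of log closes whatever is still open
    return findings

def _l(mod, tid, msg):  # one constructed line in the report's log layout
    return (f"[Fri Jan 20 15:21:11.000000 2023] [{mod}:debug] [pid 7:tid {tid}] "
            f"src/x.c(1): [client 192.0.2.10:0] {msg}")

def _res(tid, spec, verdict):
    return _l("authz_core", tid, f"AH01626: authorization result of {spec}: {verdict}")

HDR = CHALLENGE + ', error_description="Different scope(s) or other claims required."'
# Constructed sample: request 1 reproduces the report, 2 is a real denial, 3 is clean.
SAMPLE_LOG = "\n".join([
    _l("oauth2", 100, START + " created request context: 0x1"),
    _l("oauth2", 100, HDR),
    _res(100, "Require oauth2_claim 'aud:kubepie'", "denied"),
    _l("oauth2", 100, HDR),
    _res(100, "Require oauth2_claim 'aud:jupyterhub'", "denied"),
    _res(100, "Require oauth2_claim 'aud:jupyterhub-review'", "granted"),
    _res(100, "<RequireAny>", "granted"),
    _l("oauth2", 200, START + " created request context: 0x2"),
    _l("oauth2", 200, HDR),
    _res(200, "Require oauth2_claim 'aud:kubepie'", "denied"),
    _res(200, "<RequireAny>", "denied"),
    _l("oauth2", 100, START + " created request context: 0x3"),
    _res(100, "Require oauth2_claim 'aud:kubepie'", "granted"),
    _res(100, "<RequireAny>", "granted"),
])

print(*find_spurious_challenges(SAMPLE_LOG), sep="\n")
```

Each finding lists the denied Require lines that produced the extra challenges, so the count can be compared with the number of www-authenticate headers seen in the response.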

Segmentation fault when request is proxied without Authorization header.

We have a load balancer in front of two httpd nodes with versions:
httpd.x86_64 2.4.6-67.el7.centos.6
liboauth2.x86_64 1.4.4.2-1.el7
liboauth2-apache.x86_64 1.4.4.2-1.el7
mod_auth_openidc.x86_64 2.4.3-1.el7

When requesting a URL that would require authentication via the proxy, we get a 502 returned and the logs show a segmentation fault. When trying the same request directly to one of the balancer members, this error is not generated and the expected result is returned (an empty directory).

We found that if the Authorization header is missing in the request via the proxy, this segfault is generated, but when it is set to an invalid one, it does return the empty directory. So adding RequestHeader setIfEmpty Authorization "Bearer: empty" in our proxy configuration fixed the issue. We are unsure if this is intended behavior or not.

Attached the debug output from both requests:
direct_sanitized.txt
via_proxy_sanitized.txt

How to Rewrite HTTP_AUTHORIZATION header with claims from token?

Hi.

I have a legacy app (not editable) served by Apache; this app requires a Basic authorization header.
I am developing a service for integration with this app; the service uses OAuth2 authorization.
I can put claims like app_user and app_password in the token, or just an app_basic_auth_header claim (not sure Apache can calculate base64).
How can I rewrite the HTTP_AUTHORIZATION header with the value from a claim?

Found this on Stack Overflow:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

So will this work?
AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false
OAuth2TargetPass headers=on
RewriteEngine On
RewriteCond %{HTTP:OAUTH2_CLAIM_app_basic_auth_header} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Occasional core dump under high load

Hello,

Thank you for this project. I am trying to migrate from mod_auth_openidc and things are generally working well. However I occasionally get a double free error + core dump, usually under high load. From error.log:

double free or corruption (out)
[Wed Mar 02 17:02:55.578479 2022] [core:notice] [pid 50:tid 139818184620992] AH00051: child pid 2220 exit signal Aborted (6), possible coredump in /cores

I was able to get a stack trace from the core dump:

Thread 121 (Thread 0x7f29e52e0700 (LWP 799)):
#0  0x00007f29f44e3177 in kill () at ../sysdeps/unix/syscall-template.S:78
#1  <signal handler called>
#2  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#3  0x00007f29f44e47f1 in __GI_abort () at abort.c:79
#4  0x00007f29f452d837 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f29f465aa7b "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#5  0x00007f29f45348ba in malloc_printerr (str=str@entry=0x7f29f465c788 "double free or corruption (out)") at malloc.c:5342
#6  0x00007f29f453be4a in _int_free (have_lock=0, p=0x7f29d8003200, av=0x7f29f488fc40 <main_arena>) at malloc.c:4308
#7  __GI___libc_free (mem=0x7f29d8003210) at malloc.c:3134
#8  0x00007f29f3163cd9 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4
#9  0x00007f29f317065d in curl_easy_cleanup () from /usr/lib/x86_64-linux-gnu/libcurl.so.4
#10 0x00007f29ea9b5810 in ?? () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#11 0x00007f29ea9b596e in oauth2_url_encode () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#12 0x00007f29ea9c7211 in ?? () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#13 0x00007f29ea9c7305 in ?? () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#14 0x00007f29ea9b6fd7 in oauth2_nv_list_loop () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#15 0x00007f29ea9c7541 in oauth2_http_url_form_encode () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#16 0x00007f29ea9c83a7 in oauth2_http_post_form () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#17 0x00007f29ea9cb4ad in ?? () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#18 0x00007f29ea9cb743 in ?? () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#19 0x00007f29ea9cc6ef in oauth2_token_verify () from /usr/lib/x86_64-linux-gnu/liboauth2.so.0
#20 0x00007f29eabe9a0b in ?? () from /usr/lib/apache2/modules/mod_oauth2.so
#21 0x00007f29eabe9f25 in ?? () from /usr/lib/apache2/modules/mod_oauth2.so
#22 0x000055821c4a5480 in ap_run_check_user_id ()
#23 0x000055821c4a8063 in ap_process_request_internal ()
#24 0x000055821c4c7228 in ap_process_async_request ()
#25 0x000055821c4c38e0 in ?? ()
#26 0x000055821c4b9090 in ap_run_process_connection ()
#27 0x00007f29eb001ecf in ?? () from /usr/lib/apache2/modules/mod_mpm_event.so
#28 0x00007f29eb0028e5 in ?? () from /usr/lib/apache2/modules/mod_mpm_event.so
#29 0x00007f29f489c6db in start_thread (arg=0x7f29e52e0700) at pthread_create.c:463
#30 0x00007f29f45c561f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I think that is somewhere around this code: https://github.com/zmartzone/liboauth2/blob/fdc6b2f0fc1255925359cae3e83471a20347d687/src/util.c#L293

Regarding my setup, I am using token introspection:

OAuth2TokenVerify introspect https://... introspect.ssl_verify=false&verify.iat=skip

I am also using mpm_event with fairly high concurrency:

<IfModule mpm_event_module>
StartServers			 25
ServerLimit             100
MinSpareThreads		 5
MaxSpareThreads		 3000
ThreadsPerChild		 120
ThreadLimit			 256
MaxRequestWorkers	  12000
MaxConnectionsPerChild   10000
</IfModule>

Apache version:

# apache2 -V 
[Thu Mar 03 01:42:20.288165 2022] [core:warn] [pid 51911] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Server version: Apache/2.4.29 (Ubuntu)
Server built:   2022-01-05T14:50:41
Server's Module Magic Number: 20120211:68
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

Any insights would be greatly appreciated, I'm fairly stuck. Thank you.

Fatal error: httpd.h when compiling

Hi,

I've just compiled liboauth2 => OK, mod_auth_openidc => OK, but for this library I've got a fatal error.
Here is the log:

cal/include -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/include -I/usr/include/apr-1.0 -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1.0 -g -O2 -MT src/mod_oauth2_la-mod_oauth2.lo -MD -MP -MF src/.deps/mod_oauth2_la-mod_oauth2.Tpo -c -o src/mod_oauth2_la-mod_oauth2.lo test -f 'src/mod_oauth2.c' || echo './'src/mod_oauth2.c
libtool: compile: gcc -DPACKAGE_NAME="mod_oauth2" -DPACKAGE_TARNAME="mod_oauth2" -DPACKAGE_VERSION="3.2.2" "-DPACKAGE_STRING="mod_oauth2 3.2.2"" -DPACKAGE_BUGREPORT="[email protected]" -DPACKAGE_URL="" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=".libs/" -I. -Wall -Werror -DOAUTH2_PACKAGE_NAME_VERSION="mod_oauth2-3.2.2" -I/usr/local/include -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/include -I/usr/include/apr-1.0 -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apr-1.0 -g -O2 -MT src/mod_oauth2_la-mod_oauth2.lo -MD -MP -MF src/.deps/mod_oauth2_la-mod_oauth2.Tpo -c src/mod_oauth2.c -fPIC -DPIC -o src/.libs/mod_oauth2_la-mod_oauth2.o
In file included from src/mod_oauth2.c:24:
/usr/local/include/oauth2/apache.h:41:10: fatal error: httpd.h: Aucun fichier ou dossier de ce type
41 | #include <httpd.h>
| ^~~~~~~~~
compilation terminated.
make: *** [Makefile:510 : src/mod_oauth2_la-mod_oauth2.lo] Erreur 1

Did I miss something during compile? Options for a path or something?

Thanks

Outgoing_proxy not taken into account

Hi
I'm using a proxy to request outside URIs.
Even though I'm writing this in my http.conf file:
OAuth2TokenVerify jwks_uri https://myURL jwks_uri.outgoing_proxy="https://myProxy:3125"
The outgoing_proxy value is not taken into account.
In the log debug file src/http.c(979) : ctx=[ ssl_verify=true hdr=[ ] cookie=[ ] ]
Thanks
Camille.

Access Token - module doesn't validate

Hi,

I'm trying to implement mod_oauth2 with an Azure AD application registration.
However, it doesn't look like it's validating the token:

[root@server ~]# curl https://my.server.com/testar -H "Authorization: Bearer "

<title>401 Unauthorized</title>

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

and debug logs:
[Thu Nov 30 09:27:17.409756 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/server/apache.c(326): [client 10.10.0.208:52050] oauth2_apache_request_context_init: created request context: 0x7f483c00e3a0
[Thu Nov 30 09:27:17.409764 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/mod_oauth2.c(211): [client 10.10.0.208:52050] oauth2_authz_checker: enter
[Thu Nov 30 09:27:17.409770 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/mod_oauth2.c(243): [client 10.10.0.208:52050] oauth2_authz_checker: leave
[Thu Nov 30 09:27:17.409777 2023] [authz_core:debug] [pid 18349:tid 139947482806016] mod_authz_core.c(820): [client 10.10.0.208:52050] AH01626: authorization result of Require oauth2_claim iss:https://sts.windows.net//: denied (no authenticated user yet)
[Thu Nov 30 09:27:17.409787 2023] [authz_core:debug] [pid 18349:tid 139947482806016] mod_authz_core.c(820): [client 10.10.0.208:52050] AH01626: authorization result of : denied (no authenticated user yet)

config:
<Location /testar>
AuthType oauth2
Require oauth2_claim iss:https://sts.windows.net//

Is this the expected behaviour, or am I missing something in the configuration here?

Kind regards

Set introspection request body

Hi,

How can I set the body of the introspection request?

Like in mod_auth_openidc:
OIDCOAuthIntrospectionEndpointParams "uri=[]&method=[]&token=[]"

I have the following conf for token introspection:
OAuth2TokenVerify introspect https://auth:2626/token_introspection introspect.ssl_verify=false

My auth server requires a request body with the following parameters:
method=[]
uri=[]
token[]

Thanks

How to install mod_oauth2

Hi, sorry for the simple question, but
I cannot find a proper sequence on how to install. The wiki redirects back to the home page.
My challenge is with a tree of dependencies for all the required modules; it seems like I am doing something wrong.
It would be great if someone could share a simple logic on how to install the module.

PS. We are currently using mod_auth_openidc, but I came here because there was a message that it is deprecated and is being replaced by this module.

Thanks.

integrate liboauth2 to Httpd/ Apache 2.X

Hello,
Like many others, I am looking to validate a bearer token provided by an internal separate OP (so I am sure I am authenticated already), via HTTPD / Apache in order to call a REST API running somewhere behind that OP.

Since OAuth2 is suppressed from the last version of auth_openidc, I am wondering what kind of config to put into httpd.conf. I have the introspection URL and the token generated, but I don't know how to set them:

A partial config of my httpd-API.conf that is not working when I call my API using GET:

OAuth2TokenVerify introspect https://introspect-url/validatetoken introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=API&client_secret=XXXXXX
<Location /api/1.0/>
Authtype oauth20
Require valid-user
ProxyPass http://localhost:8282/ma/
ProxyPassReverse http://localhost:8282/ma/

and I receive: No authentication done but request not allowed without authentication....Authentication not configured?

[auth_openidc:error] [pid 106696] [client IP-X.X.X.X:50346] oidc_oauth_validate_jwt_access_token: could not parse JWT from access_token: [src/jose.c:755: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 787]

Could you please help me?
Let me know what other information is needed.

Appreciate your help
