BareosWebUI and OpenID


Christophe Dumont

Mar 6, 2026, 8:59:40 AM
to bareos-users
Hello Everyone,

I'm trying to set up Bareos WebUI authentication with Keycloak.
I've installed mod_auth_openidc.so. All the SSO/Keycloak part works. I'm getting a token.
The problem is that I get stuck on the login page even if the SSO token is OK.

Here's the Apache config file.

/etc/apache2/conf-available/bareos-webui.conf
<VirtualHost *:443>
    ServerName bareos-preprod.xxx.xxx

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/bareos.crt
    SSLCertificateKeyFile /etc/apache2/ssl/bareos.key

    RedirectMatch ^/$ /bareos-webui/

    OIDCProviderMetadataURL https://websso.xxx.xxx/auth/realms/xxxx/.well-known/openid-configuration
    OIDCClientID            bareos-webui
    OIDCClientSecret        xxxxxxxxxxxxxxxxxxxxxxxxxx
    OIDCRedirectURI         https://bareos-preprod.xxx.xxx/oidc_callback
    OIDCRemoteUserClaim     preferred_username
    OIDCResponseType        code
    OIDCScope               "openid email profile"
    OIDCCryptoPassphrase    xxxxxxxxxxxxxxxxxxxxxxx
    OIDCSessionMaxDuration  7200                      
    OIDCSessionInactivityTimeout 1800                  
    OIDCSessionType         server-cache              
    OIDCCookiePath          /
    OIDCCookieHttpOnly      On
    OIDCCookieSameSite      Off
   
    Alias /bareos-webui /usr/share/bareos-webui/public

    <Directory /usr/share/bareos-webui/public>
        Options FollowSymLinks
        AllowOverride None
        Require all granted

        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteBase /bareos-webui
            RewriteCond %{REQUEST_FILENAME} -s [OR]
            RewriteCond %{REQUEST_FILENAME} -l [OR]
            RewriteCond %{REQUEST_FILENAME} -d
            RewriteRule ^.*$ - [NC,L]
            RewriteRule ^.*$ index.php [NC,L]
        </IfModule>
    </Directory>

    <Location /bareos-webui>
        AuthType openid-connect
        Require valid-user

        RequestHeader set X-Forwarded-User %{REMOTE_USER}s
    </Location>

    <Location /oidc_callback>
        AuthType openid-connect
        Require valid-user
    </Location>

    LogLevel auth_openidc:debug
</VirtualHost>

Thanks