Httpd 504 after update to mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 #1356

tkd4444 · 2025-10-15T18:48:54Z

tkd4444
Oct 15, 2025

Hello,

I'm facing a problem. I'm on Amazon Linux 2023 (AL23) I'm also using their repository.

Since update to mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 from mod_auth_openidc-2.4.15-3.amzn2023.x86_64 I'm getting 504 when accessing protected paths. Not sure what's going on. When I enabled debug I can see this relevant info in apache's error log:

[auth_openidc:error] [pid 26896:tid 26945] [client <IP>:0] oidc_util_jwt_verify: oidc_jose_uncompress failed: [src/jose.c:1048: oidc_jose_zlib_uncompress]: inflate() failed: -3
[auth_openidc:error] [pid 26896:tid 26945] [client <IP>:0] oidc_session_decode: could not verify secure JWT: cache value possibly corrupted

Server version: Apache/2.4.65 (Amazon Linux)

config:

 OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
 OIDCClientID <id>.apps.googleusercontent.com
 OIDCClientSecret <secret>
 OIDCScope "openid email"
 OIDCRedirectURI /path/protected
 OIDCCryptoPassphrase <passphrase>
 OIDCSessionType client-cookie:persistent
 OIDCRemoteUserClaim email
 OIDCXForwardedHeaders X-Forwarded-Port X-Forwarded-Proto
 OIDCSessionInactivityTimeout 28800
 <Location "/path">
  AuthType openid-connect
  AuthLDAPURL "ldap://localhost:389/ou=users,dc=domain,dc=org?mail?sub?(objectClass=*)"
  Require ldap-filter memberof=cn=group,ou=Groups,dc=group,dc=org
  Require ldap-filter memberof=cn=group,ou=Groups,dc=group,dc=org
  AuthLDAPBindDN <string>
  AuthLDAPBindPassword <pass>
 </Location>

When I revert back to mod_auth_openidc-2.4.15-3.amzn2023.x86_64 all works as expected.

Any ideas ?

Thanks !
David

zandbelt · 2025-10-16T04:15:21Z

zandbelt
Oct 16, 2025
Maintainer

the session cookie format is not compatible between the two versions, you'll need to remove the session cookie and re-authenticate

3 replies

tkd4444 Oct 16, 2025
Author

@zandbelt thanks a lot for the reply. I don't think this is going to be it. When I access the protected path without any previous session cookie the same happens. 504.

zandbelt Oct 16, 2025
Maintainer

since you're using the amzn2023 build, you are probably a subscriber of the commercial licensing program and you can contact the commercial support channel about it

tkd4444 Oct 16, 2025
Author

I'm not aware that I would be a subscriber of any commercial licensing program. I can try to reach out directly to AWS support. But I really doubt they would be any help here.

tkd4444 · 2025-10-16T17:08:47Z

tkd4444
Oct 16, 2025
Author

@zandbelt

Debug log from mod_auth_openidc-2.4.15-3.amzn2023.x86_64 where all works as expected.

[Thu Oct 16 12:42:48.118034 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/mod_auth_openidc.c(4276): [client [REDACTED_IP]:0] oidc_check_user_id: incoming request: "/path?(null)", ap_is_initial_req(r)=1
[Thu Oct 16 12:42:48.118045 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118052 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118057 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118062 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118067 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118072 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(869): [client [REDACTED_IP]:0] oidc_get_absolute_url: determined absolute url: https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118077 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(113): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Thu Oct 16 12:42:48.118098 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(115): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Thu Oct 16 12:42:48.118108 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(1520): [client [REDACTED_IP]:0] oidc_util_get_cookie: returning "mod_auth_openidc_session_chunks" = <null>
[Thu Oct 16 12:42:48.118113 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(1520): [client [REDACTED_IP]:0] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>
[Thu Oct 16 12:42:48.118118 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118122 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118126 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118131 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118136 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118140 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(869): [client [REDACTED_IP]:0] oidc_get_absolute_url: determined absolute url: https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118158 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(1666): [client [REDACTED_IP]:0] oidc_util_request_matches_url: comparing "/path"=="/path/protected"
[Thu Oct 16 12:42:48.118164 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Sec-Fetch-Mode=navigate
[Thu Oct 16 12:42:48.118169 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Sec-Fetch-Mode=navigate
[Thu Oct 16 12:42:48.118173 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Sec-Fetch-Dest=document
[Thu Oct 16 12:42:48.118177 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Sec-Fetch-Dest=document
[Thu Oct 16 12:42:48.118182 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
[Thu Oct 16 12:42:48.118188 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118192 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118196 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118201 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118205 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118210 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(858): [client [REDACTED_IP]:0] oidc_get_current_url: current URL 'https://[REDACTED_DOMAIN]:443/path'
[Thu Oct 16 12:42:48.118215 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/mod_auth_openidc.c(2459): [client [REDACTED_IP]:0] oidc_authenticate_user: enter
[Thu Oct 16 12:42:48.118220 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/cache/common.c(271): [client [REDACTED_IP]:0] oidc_cache_get: enter: p (section=p, decrypt=0, type=shm)
[Thu Oct 16 12:42:48.118229 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/cache/common.c(322): [client [REDACTED_IP]:0] oidc_cache_get: cache hit: return 1342 bytes from shm cache backend for key https://accounts.google.com/.well-known/openid-configuration
[Thu Oct 16 12:42:48.118293 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(113): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 32 bytes
[Thu Oct 16 12:42:48.118307 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(115): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Thu Oct 16 12:42:48.118314 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(113): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 32 bytes
[Thu Oct 16 12:42:48.118325 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(115): [client [REDACTED_IP]:0] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Thu Oct 16 12:42:48.118348 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118352 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118357 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118361 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118371 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118376 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(869): [client [REDACTED_IP]:0] oidc_get_absolute_url: determined absolute url: https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118381 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(1666): [client [REDACTED_IP]:0] oidc_util_request_matches_url: comparing "/path"=="/path/protected"
[Thu Oct 16 12:42:48.118388 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/mod_auth_openidc.c(200): [client [REDACTED_IP]:0] oidc_get_browser_state_hash: enter
[Thu Oct 16 12:42:48.118393 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
[Thu Oct 16 12:42:48.118410 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2601): [client [REDACTED_IP]:0] oidc_util_create_symmetric_key: key_len=32
[Thu Oct 16 12:42:48.118484 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118493 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(1407): [client [REDACTED_IP]:0] oidc_util_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Thu Oct 16 12:42:48.118500 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2852): [client [REDACTED_IP]:0] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_[REDACTED_STATE]=[REDACTED_COOKIE]; Path=/; Secure; HttpOnly; SameSite=Lax
[Thu Oct 16 12:42:48.118508 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118512 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118516 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118521 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118526 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118530 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(869): [client [REDACTED_IP]:0] oidc_get_absolute_url: determined absolute url: https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118535 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118540 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118544 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:42:48.118548 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: Host=[REDACTED_DOMAIN]
[Thu Oct 16 12:42:48.118552 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2780): [client [REDACTED_IP]:0] oidc_util_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:42:48.118562 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(869): [client [REDACTED_IP]:0] oidc_get_absolute_url: determined absolute url: https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118573 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/proto.c(550): [client [REDACTED_IP]:0] oidc_proto_authorization_request: enter, issuer=https://accounts.google.com, redirect_uri=https://[REDACTED_DOMAIN]:443/path/protected, state=[REDACTED_STATE], proto_state={"ou":"https://[REDACTED_DOMAIN]:443/path","om":"get","i":"https://accounts.google.com","rt":"code","n":"[REDACTED]","t":1760618568,"ps":"[REDACTED]"}, code_challenge=[REDACTED_CODE_CHALLENGE], auth_request_params=(null), path_scope=(null)
[Thu Oct 16 12:42:48.118583 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: response_type=code
[Thu Oct 16 12:42:48.118619 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: scope=openid email
[Thu Oct 16 12:42:48.118634 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: client_id=[REDACTED_CLIENT_ID]
[Thu Oct 16 12:42:48.118650 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: state=[REDACTED_STATE]
[Thu Oct 16 12:42:48.118665 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: redirect_uri=https://[REDACTED_DOMAIN]:443/path/protected
[Thu Oct 16 12:42:48.118681 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: nonce=[REDACTED_NONCE]
[Thu Oct 16 12:42:48.118696 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: code_challenge=[REDACTED_CODE_CHALLENGE]
[Thu Oct 16 12:42:48.118711 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(955): [client [REDACTED_IP]:0] oidc_util_http_add_form_url_encoded_param: processing: code_challenge_method=S256
[Thu Oct 16 12:42:48.118727 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(986): [client [REDACTED_IP]:0] oidc_util_http_query_encoded_url: url=https://accounts.google.com/o/oauth2/v2/auth?response_type=code&scope=openid%20email&client_id=[REDACTED_CLIENT_ID]&state=[REDACTED_STATE]&redirect_uri=https%3A%2F%2F[REDACTED_DOMAIN]%3A443%2Fpath%2Fprotected&nonce=[REDACTED_NONCE]&code_challenge=[REDACTED_CODE_CHALLENGE]&code_challenge_method=S256
[Thu Oct 16 12:42:48.118735 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2833): [client [REDACTED_IP]:0] oidc_util_hdr_table_set: Location: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&scope=openid%20email&client_id=[REDACTED_CLIENT_ID]&state=[REDACTED_STATE]&redirect_uri=https%3A%2F%2F[REDACTED_DOMAIN]%3A443%2Fpath%2Fprotected&nonce=[REDACTED_NONCE]&code_challenge=[REDACTED_CODE_CHALLENGE]&code_challenge_method=S256
[Thu Oct 16 12:42:48.118742 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/util.c(2852): [client [REDACTED_IP]:0] oidc_util_hdr_err_out_add: Cache-Control: no-cache, no-store, max-age=0
[Thu Oct 16 12:42:48.118751 2025] [auth_openidc:debug] [pid 38307:tid 38435] src/proto.c(678): [client [REDACTED_IP]:0] oidc_proto_authorization_request: return: 302

Debug log from mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 where I'm getting 504.

[Thu Oct 16 12:34:47.015195 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/mod_auth_openidc.c(1337): [client <IP>:0] oidc_check_user_id: incoming request: "/path?(null)", ap_is_initial_req(r)=1
[Thu Oct 16 12:34:47.015208 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.015230 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.015237 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.015243 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Host=www.<DOMAIN>
[Thu Oct 16 12:34:47.015350 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.015365 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(857): [client <IP>:0] oidc_util_absolute_url: determined absolute url: https://www.<DOMAIN>:443/path/protected
[Thu Oct 16 12:34:47.015373 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(131): [client <IP>:0] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Thu Oct 16 12:34:47.015398 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(133): [client <IP>:0] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Thu Oct 16 12:34:47.015410 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Cookie=AWSALB=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm; AWSALBCORS=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm
[Thu Oct 16 12:34:47.015419 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(1164): [client <IP>:0] oidc_http_get_cookie: returning "mod_auth_openidc_session_chunks" = <null>
[Thu Oct 16 12:34:47.015425 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Cookie=AWSALB=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm; AWSALBCORS=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm
[Thu Oct 16 12:34:47.015433 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(1164): [client <IP>:0] oidc_http_get_cookie: returning "mod_auth_openidc_session" = <null>
[Thu Oct 16 12:34:47.015439 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.015444 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.015450 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.015455 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Host=www.<DOMAIN>
[Thu Oct 16 12:34:47.015479 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.015652 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(857): [client <IP>:0] oidc_util_absolute_url: determined absolute url: https://www.<DOMAIN>:443/path/protected
[Thu Oct 16 12:34:47.015761 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(885): [client <IP>:0] oidc_util_request_matches_url: comparing "/path"=="/path/protected"
[Thu Oct 16 12:34:47.015835 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Sec-Fetch-Mode=navigate
[Thu Oct 16 12:34:47.015874 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Sec-Fetch-Mode=navigate
[Thu Oct 16 12:34:47.015923 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Sec-Fetch-Dest=document
[Thu Oct 16 12:34:47.015958 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Sec-Fetch-Dest=document
[Thu Oct 16 12:34:47.016018 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
[Thu Oct 16 12:34:47.016070 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.016114 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.016163 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Thu Oct 16 12:34:47.016199 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: Host=www.<DOMAIN>
[Thu Oct 16 12:34:47.016252 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/http.c(155): [client <IP>:0] oidc_http_hdr_in_get: X-Forwarded-Port=443
[Thu Oct 16 12:34:47.016289 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/util.c(845): [client <IP>:0] oidc_util_current_url: current URL 'https://www.<DOMAIN>:443/path'
[Thu Oct 16 12:34:47.016338 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/handle/request.c(165): [client <IP>:0] oidc_request_authenticate_user: enter
[Thu Oct 16 12:34:47.016374 2025] [auth_openidc:debug] [pid 37311:tid 37362] src/cache/common.c(299): [client <IP>:0] oidc_cache_get: enter: https://accounts.google.com/.well-known/openid-configuration (section=p, decrypt=0, type=shm)

On the mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 I can see it's taking into account the

Cookie=AWSALB=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm; AWSALBCORS=4oi0tWGccto2xXvDiKO88VeuBK8oyr1VmEyp17G/JasTdoqdJ8I96e6fsXNjpBLyJq0a/PjDmcaojnDMbXrZwurxkoomKgTgT7VAV+qoFlpzqbXz36yzGdNDV2Qm

Maybe this cookie is interfering somehow ?

Thanks a lot for your help !

1 reply

zandbelt Oct 18, 2025
Maintainer

this is due to a bug only manifesting on amzn2023; you'll need to upgrade to a version >= 2.4.18.1, or stay on a version < 2.4.16.7, or use a different type of cache, see the shm bugfix in 2.4.18.1: https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.18.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Httpd 504 after update to mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 #1356

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 4 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Httpd 504 after update to mod_auth_openidc-2.4.16.11-1.amzn2023.x86_64 #1356

Uh oh!

tkd4444 Oct 15, 2025

Replies: 2 comments · 4 replies

Uh oh!

zandbelt Oct 16, 2025 Maintainer

Uh oh!

tkd4444 Oct 16, 2025 Author

Uh oh!

zandbelt Oct 16, 2025 Maintainer

Uh oh!

tkd4444 Oct 16, 2025 Author

Uh oh!

tkd4444 Oct 16, 2025 Author

Uh oh!

zandbelt Oct 18, 2025 Maintainer

tkd4444
Oct 15, 2025

Replies: 2 comments 4 replies

zandbelt
Oct 16, 2025
Maintainer

tkd4444 Oct 16, 2025
Author

zandbelt Oct 16, 2025
Maintainer

tkd4444 Oct 16, 2025
Author

tkd4444
Oct 16, 2025
Author

zandbelt Oct 18, 2025
Maintainer