UeJo
UeJo
Yes its only in the browser. The cookie is too long, hence the browser is rejecting it, gives an error on the client side, like the screenshot i posted. That's...
Hello, we are talking about around 50 long named ldap groups. But i think the main problem here is not that the user is in too many ldap groups, its...
You mean probably https://github.com/OpenIDC/mod_auth_openidc/blob/9c0909af71eb52283f4d3797e55d1efef64966f2/auth_openidc.conf#L539-L546. But if not defined the default value is 4000. So it is even set by default, but that doesn't matter since the cookie is explicitly set...
I found a workaround, at least for our problem: In the documentation: https://www.manageiq.org/docs/reference/latest/auth/openid_connect.html#oidc-assertions it says for the "The following Group Membership mapper must be manually created": ID token: on access...
Yes, looks good to me.
It seems the "userinfo: on" doesn't do anything, it can be left to off.
Here you go! As mentioned above this solves our problem, but not really the underlying issue.