diff -up mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c.orig mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c --- mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c.orig 2025-04-11 10:49:32.095915197 +0200 +++ mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.c 2025-04-11 10:51:12.493949688 +0200 @@ -4258,7 +4258,11 @@ int oidc_content_handler(request_rec *r) rc = oidc_discovery(r, c); - } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN) != NULL) { + } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST) != NULL) { + + rc = OK; + + } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE) != NULL) { rc = OK; diff -up mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h.orig mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h --- mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h.orig 2025-04-11 10:49:32.081518446 +0200 +++ mod_auth_openidc-2.4.9.4/src/mod_auth_openidc.h 2025-04-11 10:51:12.495521138 +0200 @@ -88,7 +88,8 @@ APLOG_USE_MODULE(auth_openidc); #define OIDC_REQUEST_STATE_KEY_IDTOKEN "i" #define OIDC_REQUEST_STATE_KEY_CLAIMS "c" #define OIDC_REQUEST_STATE_KEY_DISCOVERY "d" -#define OIDC_REQUEST_STATE_KEY_AUTHN "a" +#define OIDC_REQUEST_STATE_KEY_AUTHN_POST "a" +#define OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE "p" /* parameter name of the callback URL in the discovery response */ #define OIDC_DISC_CB_PARAM "oidc_callback" diff -up mod_auth_openidc-2.4.9.4/src/proto.c.orig mod_auth_openidc-2.4.9.4/src/proto.c --- mod_auth_openidc-2.4.9.4/src/proto.c.orig 2021-09-03 10:41:21.000000000 +0200 +++ mod_auth_openidc-2.4.9.4/src/proto.c 2025-04-11 10:51:12.495927318 +0200 @@ -591,7 +591,7 @@ static int oidc_proto_add_form_post_para /* * make the browser POST parameters through Javascript auto-submit */ -static int oidc_proto_html_post(request_rec *r, const char *url, +static void oidc_proto_html_post(request_rec *r, const char *url, apr_table_t *params) { oidc_debug(r, "enter"); @@ -607,8 +607,7 @@ static int oidc_proto_html_post(request_ html_body = apr_psprintf(r->pool, "%s%s", data.html_body, "

\n" " \n"); - return oidc_util_html_send(r, "Submitting...", NULL, - "document.forms[0].submit", html_body, OK); + oidc_util_html_send(r, "Submitting...", NULL, "document.forms[0].submit", html_body, OK); } void add_auth_request_params(request_rec *r, apr_table_t *params, @@ -739,8 +738,12 @@ int oidc_proto_authorization_request(req if (provider->auth_request_method == OIDC_AUTH_REQUEST_METHOD_POST) { /* construct a HTML POST auto-submit page with the authorization request parameters */ - rv = oidc_proto_html_post(r, provider->authorization_endpoint_url, - params); + oidc_proto_html_post(r, provider->authorization_endpoint_url, params); + + /* signal this to the content handler */ + oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST, ""); + r->user = ""; + rv = OK; } else if (provider->auth_request_method == OIDC_AUTH_REQUEST_METHOD_GET) { @@ -748,7 +751,6 @@ int oidc_proto_authorization_request(req authorization_request = oidc_util_http_query_encoded_url(r, provider->authorization_endpoint_url, params); - // TODO: should also enable this when using the POST binding for the auth request /* see if we need to preserve POST parameters through Javascript/HTML5 storage */ if (oidc_post_preserve_javascript(r, authorization_request, NULL, NULL) == FALSE) { @@ -762,7 +764,7 @@ int oidc_proto_authorization_request(req } else { /* signal this to the content handler */ - oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN, ""); + oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE, ""); r->user = ""; rv = OK;