SSO Attributes
Apache + mod_auth_openidc — accepts both a browser OIDC session
and a Bearer access_token, then prints every claim released by Keycloak.
Two ways to access the protected page
Browser — OIDC Authorization Code
Click the button below. mod_auth_openidc redirects you to Keycloak,
you log in, and are returned here with a session cookie.
Claims come from the ID token & UserInfo endpoint.
API — OAuth2 Bearer Token (JWT)
Send any valid Keycloak access_token as a Bearer header.
mod_auth_openidc validates the RS256 signature via JWKS — no
introspection needed. Claims come from the JWT payload.
Bearer token example
# Get your access_token from demo.sifulan.dev or the Flutter app, then:
curl -s \
-H "Authorization: Bearer <access_token>" \
https://sso-attributes.sifulan.dev/secure/attributes.php
# Request JSON output instead of HTML:
curl -s \
-H "Authorization: Bearer <access_token>" \
-H "Accept: application/json" \
https://sso-attributes.sifulan.dev/secure/attributes.php | jq .
Login with Keycloak →
Keycloak: https://keycloak.sifulan.dev/realms/sifulan
| mod_auth_openidc dual-mode:
AuthType "openid-connect oauth20"