Description
Apache can delegate login to OpenID Connect identity providers for single sign-on. Administrators use this module when protected sites need authentication through OIDC providers such as enterprise IdPs.
It handles tokens, redirects, cookies, and identity claims. Misconfiguration can expose sessions or bypass access controls, so validate issuer, client secrets, TLS, and callback URLs.