OpenIDC / mod_auth_openidc

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

Post Login - 500 Internal Server Error in Chrome. Working fine in Safari

madhureddy480 opened this issue · comments

I am new to openidc and am facing an issue accessing the app in the Chrome browser, whereas in Safari the app is working as expected.
I have static content hosted on an Apache server. Protected content is behind 'myapp'.

My mod auth config:

OIDCRedirectURI http://localhost:8080/myapp/index.html
OIDCCryptoPassphrase MyPa$$phrase
OIDCProviderMetadataURL https://dev-deleted.okta.com/.well-known/openid-configuration
OIDCScope "openid email profile"
OIDCProviderIssuer https://dev-deleted.okta.com
OIDCCookiePath /
OIDCCookieDomain localhost

My httpd.conf:


OIDCProviderMetadataURL https://dev-deleted.okta.com/.well-known/openid-configuration
OIDCRedirectURI http://localhost:8080/myapp/index.html
OIDCClientID
OIDCClientSecret
OIDCCryptoPassphrase MyPa$$phrase
OIDCCookiePath /
OIDCCookieDomain localhost
OIDCScope "openid email profile"

<Location /myapp/>
  AuthType openid-connect
  Require valid-user
</Location>

Error log:


[Fri Nov 26 05:42:16.348047 2021] [authz_core:debug] [pid 96:tid 139825897629440] mod_authz_core.c(820): [client 172.17.0.1:62540] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

[Fri Nov 26 05:42:16.348119 2021] [authz_core:debug] [pid 96:tid 139825897629440] mod_authz_core.c(820): [client 172.17.0.1:62540] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

[Fri Nov 26 05:42:16.348199 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/mod_auth_openidc.c(3921): [client 172.17.0.1:62540] oidc_check_user_id: incoming request: "/myapp/?(null)", ap_is_initial_req(r)=1

[Fri Nov 26 05:42:16.348218 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(1055): [client 172.17.0.1:62540] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>

[Fri Nov 26 05:42:16.348259 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(1217): [client 172.17.0.1:62540] oidc_util_request_matches_url: comparing "/myapp/"=="/myapp/index.html"

[Fri Nov 26 05:42:16.348273 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2309): [client 172.17.0.1:62540] oidc_util_hdr_in_get: Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

[Fri Nov 26 05:42:16.348290 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2309): [client 172.17.0.1:62540] oidc_util_hdr_in_get: Host=localhost:8080

[Fri Nov 26 05:42:16.348303 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2309): [client 172.17.0.1:62540] oidc_util_hdr_in_get: Host=localhost:8080

[Fri Nov 26 05:42:16.348310 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(518): [client 172.17.0.1:62540] oidc_get_current_url: current URL 'http://localhost:8080/myapp/'

[Fri Nov 26 05:42:16.348318 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/mod_auth_openidc.c(2389): [client 172.17.0.1:62540] oidc_authenticate_user: enter

[Fri Nov 26 05:42:16.348329 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/cache/common.c(581): [client 172.17.0.1:62540] oidc_cache_get: enter: https://dev-deleted.okta.com/.well-known/openid-configuration (section=p, decrypt=0, type=shm)

[Fri Nov 26 05:42:16.348380 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/cache/common.c(615): [client 172.17.0.1:62540] oidc_cache_get: cache hit: return 1997 bytes from shm cache backend for key https://dev-deleted.okta.com/.well-known/openid-configuration

[Fri Nov 26 05:42:16.349113 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/proto.c(83): [client 172.17.0.1:62540] oidc_proto_generate_random_bytes: apr_generate_random_bytes call for 32 bytes

[Fri Nov 26 05:42:16.349178 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/proto.c(85): [client 172.17.0.1:62540] oidc_proto_generate_random_bytes: apr_generate_random_bytes returned

[Fri Nov 26 05:42:16.349249 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(1217): [client 172.17.0.1:62540] oidc_util_request_matches_url: comparing "/myapp/"=="/myapp/index.html"

[Fri Nov 26 05:42:16.349279 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/mod_auth_openidc.c(232): [client 172.17.0.1:62540] oidc_get_browser_state_hash: enter

[Fri Nov 26 05:42:16.349298 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2309): [client 172.17.0.1:62540] oidc_util_hdr_in_get: User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36

[Fri Nov 26 05:42:16.349332 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2098): [client 172.17.0.1:62540] oidc_util_create_symmetric_key: key_len=32

[Fri Nov 26 05:42:16.349438 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(945): [client 172.17.0.1:62540] oidc_util_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found

[Fri Nov 26 05:42:16.349486 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2387): [client 172.17.0.1:62540] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_OwR4SwSAY_rfWzFzPBIz1R3rsNU=eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..KnhTD3n5MVpnGNXz.TyFaYv_daWZLXA_wyi6l-oxCm3mBknGxbeV3JXutgFtkRVbu4DsI5gl0e5Fjl1ep2w_VO9mo7HOhKksROIrxBs9PWll2nvPTVeWAoZ24N9nfIeDECt1_vaPQVVUqv0A_Lt-ehVda02_-aiNOpDWmElLY4BPDUgqLdIKSNqejHaOqQyZKqgVcXlFs10nVeUDS5gWX2f2pP7x_8JweRKn9iDa31P0vOb1-HLq0HffKrXaQBHUFgIpxnIBwSVuKNnkXxofDvk6fRw-xZvjiRzxl9V_cPN0p4Tzy2aCh_JXj3noxqz-0mG2qDBalH_bYHmxzThhdCKP1rt4rv5NvbqHjmH8O4hpbLqkZ6T2Bx2mE0fDOd8lQVd807WNN.gE2Od-Kd5YO3XL4eUUoDDw; Path=/; Domain=localhost; HttpOnly; SameSite=None

[Fri Nov 26 05:42:16.349518 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/proto.c(659): [client 172.17.0.1:62540] oidc_proto_authorization_request: enter, issuer=https://dev-deleted.okta.com, redirect_uri=http://localhost:8080/myapp/index.html, state=OwR4SwSAY_rfWzFzPBIz1R3rsNU, proto_state={"ou":"http://localhost:8080/myapp/","om":"get","i":"https://dev-deleted.okta.com","rt":"code","n":"tNWvrEsIWI5hRkxjHc4P3LUpQ_p36pG0OhazoHnk6Ws","t":1637905336}, code_challenge=(null), auth_request_params=(null), path_scope=(null)

[Fri Nov 26 05:42:16.349655 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: response_type=code

[Fri Nov 26 05:42:16.349731 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: scope=openid

[Fri Nov 26 05:42:16.349803 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: client_id=<<<log_deleted>>>

[Fri Nov 26 05:42:16.349818 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: state=OwR4SwSAY_rfWzFzPBIz1R3rsNU

[Fri Nov 26 05:42:16.349847 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: redirect_uri=http://localhost:8080/myapp/index.html

[Fri Nov 26 05:42:16.349875 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(619): [client 172.17.0.1:62540] oidc_util_http_add_form_url_encoded_param: processing: nonce=tNWvrEsIWI5hRkxjHc4P3LUpQ_p36pG0OhazoHnk6Ws

[Fri Nov 26 05:42:16.349894 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(648): [client 172.17.0.1:62540] oidc_util_http_query_encoded_url: url=https://dev-deleted.okta.com/oauth2/v1/authorize?response_type=code&scope=openid&client_id=<<<log_deleted>>>&state=OwR4SwSAY_rfWzFzPBIz1R3rsNU&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Findex.html&nonce=tNWvrEsIWI5hRkxjHc4P3LUpQ_p36pG0OhazoHnk6Ws

[Fri Nov 26 05:42:16.349903 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2365): [client 172.17.0.1:62540] oidc_util_hdr_table_set: Location: https://dev-deleted.okta.com/oauth2/v1/authorize?response_type=code&scope=openid&client_id=<<<log_deleted>>>&state=OwR4SwSAY_rfWzFzPBIz1R3rsNU&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Findex.html&nonce=tNWvrEsIWI5hRkxjHc4P3LUpQ_p36pG0OhazoHnk6Ws

[Fri Nov 26 05:42:16.349912 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/util.c(2387): [client 172.17.0.1:62540] oidc_util_hdr_err_out_add: Cache-Control: no-cache, no-store, max-age=0

[Fri Nov 26 05:42:16.349927 2021] [auth_openidc:debug] [pid 96:tid 139825897629440] src/proto.c(782): [client 172.17.0.1:62540] oidc_proto_authorization_request: return: 302

172.17.0.1 - - [26/Nov/2021:05:42:16 +0000] "GET /myapp/ HTTP/1.1" 302 464

[Fri Nov 26 05:42:16.733985 2021] [authz_core:debug] [pid 96:tid 139825546000128] mod_authz_core.c(820): [client 172.17.0.1:62540] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

[Fri Nov 26 05:42:16.734062 2021] [authz_core:debug] [pid 96:tid 139825546000128] mod_authz_core.c(820): [client 172.17.0.1:62540] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

[Fri Nov 26 05:42:16.734083 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(3921): [client 172.17.0.1:62540] oidc_check_user_id: incoming request: "/myapp/index.html?code=g98_ZcK91rkZZb6f2Gua61ipz8FbL67yihhFzL1_EQc&state=OwR4SwSAY_rfWzFzPBIz1R3rsNU", ap_is_initial_req(r)=1

[Fri Nov 26 05:42:16.734106 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1055): [client 172.17.0.1:62540] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>

[Fri Nov 26 05:42:16.734123 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1217): [client 172.17.0.1:62540] oidc_util_request_matches_url: comparing "/myapp/index.html"=="/myapp/index.html"

[Fri Nov 26 05:42:16.734142 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(2212): [client 172.17.0.1:62540] oidc_handle_redirect_authorization_response: enter

[Fri Nov 26 05:42:16.734197 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1529): [client 172.17.0.1:62540] oidc_util_read_form_encoded_params: read: code=g98_ZcK91rkZZb6f2Gua61ipz8FbL67yihhFzL1_EQc

[Fri Nov 26 05:42:16.734245 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1529): [client 172.17.0.1:62540] oidc_util_read_form_encoded_params: read: state=OwR4SwSAY_rfWzFzPBIz1R3rsNU

[Fri Nov 26 05:42:16.734261 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1534): [client 172.17.0.1:62540] oidc_util_read_form_encoded_params: parsed: 82 bytes into 2 elements

[Fri Nov 26 05:42:16.734296 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(2036): [client 172.17.0.1:62540] oidc_handle_authorization_response: enter, response_mode=query

[Fri Nov 26 05:42:16.734312 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(1667): [client 172.17.0.1:62540] oidc_authorization_response_match_state: enter (state=OwR4SwSAY_rfWzFzPBIz1R3rsNU)

[Fri Nov 26 05:42:16.734374 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(805): [client 172.17.0.1:62540] oidc_restore_proto_state: enter

[Fri Nov 26 05:42:16.734429 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(1055): [client 172.17.0.1:62540] oidc_util_get_cookie: returning "mod_auth_openidc_state_OwR4SwSAY_rfWzFzPBIz1R3rsNU" = <null>

[Fri Nov 26 05:42:16.734451 2021] [auth_openidc:error] [pid 96:tid 139825546000128] [client 172.17.0.1:62540] oidc_restore_proto_state: no "mod_auth_openidc_state_OwR4SwSAY_rfWzFzPBIz1R3rsNU" state cookie found

[Fri Nov 26 05:42:16.734613 2021] [auth_openidc:warn] [pid 96:tid 139825546000128] [client 172.17.0.1:62540] oidc_proto_peek_jwt_header: could not parse first element separated by "." from input

[Fri Nov 26 05:42:16.734651 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/mod_auth_openidc.c(538): [client 172.17.0.1:62540] oidc_unsolicited_proto_state: enter: state header=(null)

[Fri Nov 26 05:42:16.734690 2021] [auth_openidc:debug] [pid 96:tid 139825546000128] src/util.c(2098): [client 172.17.0.1:62540] oidc_util_create_symmetric_key: key_len=32

[Fri Nov 26 05:42:16.734744 2021] [auth_openidc:error] [pid 96:tid 139825546000128] [client 172.17.0.1:62540] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose.c:809: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 787]

[Fri Nov 26 05:42:16.734790 2021] [auth_openidc:error] [pid 96:tid 139825546000128] [client 172.17.0.1:62540] oidc_authorization_response_match_state: unable to restore state

[Fri Nov 26 05:42:16.734801 2021] [auth_openidc:error] [pid 96:tid 139825546000128] [client 172.17.0.1:62540] oidc_handle_authorization_response: invalid authorization response state and no default SSO URL is set, sending an error...

172.17.0.1 - - [26/Nov/2021:05:42:16 +0000] "GET /myapp/index.html?code=g98_ZcK91rkZZb6f2Gua61ipz8FbL67yihhFzL1_EQc&state=OwR4SwSAY_rfWzFzPBIz1R3rsNU HTTP/1.1" 500 528


What I see in the Chrome browser:


Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at hello@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

My Okta configurations in the Okta portal:

Sign-in redirect URIs : http://localhost:8080/myapp/index.html
Initiate login URI : http://localhost:8080/myapp/index.html
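
A triage check for an error log like the one above, as an added example that is not part of the original post or of mod_auth_openidc: it pairs each state cookie set in the log with a later "state cookie found" error and flags cookies issued with `SameSite=None` but no `Secure` attribute, a combination that Chromium-based browsers reject. The log lines are constructed and shortened, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the error-log format shown in the post (values shortened).
SAMPLE_LOG = """\
[auth_openidc:debug] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_AAA=xxx; Path=/; Domain=localhost; HttpOnly; SameSite=None
[auth_openidc:error] oidc_restore_proto_state: no "mod_auth_openidc_state_AAA" state cookie found
[auth_openidc:debug] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_BBB=yyy; Path=/; HttpOnly; Secure; SameSite=None
[auth_openidc:debug] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_CCC=zzz; Path=/; HttpOnly; SameSite=Lax
[auth_openidc:error] oidc_restore_proto_state: no "mod_auth_openidc_state_CCC" state cookie found
"""

SET_COOKIE = re.compile(r'Set-Cookie: (mod_auth_openidc_state_[\w-]+)=[^;]*;?(.*)$')
MISSING = re.compile(r'no "(mod_auth_openidc_state_[\w-]+)" state cookie found')

def parse_attrs(attr_text):
    """Return cookie attributes as a lower-cased dict; bare flags map to True."""
    attrs = {}
    for part in attr_text.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        attrs[name.strip().lower()] = value.strip().lower() if value else True
    return attrs

def triage(log_text):
    """Map each state cookie the browser did not send back to a likely reason."""
    issued, findings = {}, {}
    for line in log_text.splitlines():
        m = SET_COOKIE.search(line)
        if m:
            issued[m.group(1)] = parse_attrs(m.group(2))
            continue
        m = MISSING.search(line)
        if m:
            attrs = issued.get(m.group(1))
            if attrs is None:
                findings[m.group(1)] = "never issued in this log"
            elif attrs.get("samesite") == "none" and "secure" not in attrs:
                findings[m.group(1)] = "SameSite=None without Secure"
            else:
                findings[m.group(1)] = "issued with acceptable attributes; check domain/path/expiry"
    return findings
```

Calling `triage()` on the text of a real error log with debug logging enabled returns one entry per state cookie that was reported missing.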