Version

v4.38.1

Deployment Method

Docker

Reverse Proxy

NGINX Proxy Manager

Reverse Proxy Version

latest

Description

When signing everythging is fine but the site opens in the signing pop up and not on the website itself has in 4.37.5 and prior

Reproduction

Go to komga
login with authelia
accept
the site open in the login popup

Expectations

No response

Configuration (Authelia)

No response

Build Information

Last Tag: v4.38.1
State: tagged clean
Branch: v4.38.1
Commit: f3f6515e4ba663faea480de4c723fa9d0426193a
Build Number: 27647
Build OS: linux
Build Arch: amd64
Build Compiler: gc
Build Date: Fri, 15 Mar 2024 12:08:14 +1100
Extra: 

Go: 
    Version: go1.22.1
    Module Path: github.com/authelia/authelia/v4
    Executable Path: github.com/authelia/authelia/v4/cmd/authelia
    Settings:
        -buildmode: pie
        -compiler: gc
        -trimpath: true
        DefaultGODEBUG: httplaxcontentlength=1,httpmuxgo121=1,tls10server=1,tlsrsakex=1,tlsunsafeekm=1
        CGO_ENABLED: 1
        GOARCH: amd64
        GOOS: linux
        GOAMD64: v1
        vcs: git
        vcs.revision: f3f6515e4ba663faea480de4c723fa9d0426193a
        vcs.time: 2024-03-15T01:06:28Z
        vcs.modified: true
    Dependencies:
        authelia.com/provider/oauth2@v0.0.0-20240313001612-43d016545b81 (h1:BmwFLBmC6kbZC4++6Vzfq19r/xkI7hJ6jiKfmDbSPzc=)
        filippo.io/edwards25519@v1.1.0 (h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=)
        github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358 (h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=)
        github.com/Gurpartap/logrus-stack@v0.0.0-20170710170904-89c00d8a28f4 (h1:vdT7QwBhJJEVNFMBNhRSFDRCB6O16T28VhvqRgqFyn8=)
        github.com/andybalholm/brotli@v1.1.0 (h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=)
        github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2 (h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=)
        github.com/authelia/jsonschema@v0.1.7 (h1:RbtTeTG7GiWIrx2A+3O+b33jr/mLlSmqGYyk1w5gLNA=)
        github.com/authelia/otp@v1.0.0 (h1:X6YeBMb16CkW8fFpLBQc0ams+Ed0zw1R/5pfih/1vLU=)
        github.com/beorn7/perks@v1.0.1 (h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=)
        github.com/boombuler/barcode@v1.0.1 (h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=)
        github.com/cespare/xxhash/v2@v2.2.0 (h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=)
        github.com/davecgh/go-spew@v1.1.1 (h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=)
        github.com/dgraph-io/ristretto@v0.1.1 (h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=)
        github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f (h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=)
        github.com/dlclark/regexp2@v1.4.0 (h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E=)
        github.com/duosecurity/duo_api_golang@v0.0.0-20240205144049-bb361ad4ae1c (h1:xFrCg835Y/ig7iWQqyVmGFG5cd1OztnlN3rF64ltEpY=)
        github.com/dustin/go-humanize@v1.0.1 (h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=)
        github.com/facebookgo/stack@v0.0.0-20160209184415-751773369052 (h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=)
        github.com/fasthttp/router@v1.5.0 (h1:3Qbbo27HAPzwbpRzgiV5V9+2faPkPt3eNuRaDV6LYDA=)
        github.com/fasthttp/session/v2@v2.5.4 (h1:SeblRaKHYQoVBjJIF1KlZD0F8QX1poA80h/KaLhNo8I=)
        github.com/fsnotify/fsnotify@v1.7.0 (h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=)
        github.com/fxamacker/cbor/v2@v2.6.0 (h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=)
        github.com/go-asn1-ber/asn1-ber@v1.5.5 (h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=)
        github.com/go-crypt/crypt@v0.2.19 (h1:9VFKbVCuWH4cQDbjUA6fGiaHx+w0CXI19rHQGTZqESE=)
        github.com/go-crypt/x@v0.2.13 (h1:YUgKO62hIcPz11ViwHZx89g/OJhOis9+kK13ZunWpS0=)
        github.com/go-jose/go-jose/v4@v4.0.1 (h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=)
        github.com/go-ldap/ldap/v3@v3.4.6 (h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=)
        github.com/go-sql-driver/mysql@v1.8.0 (h1:UtktXaU2Nb64z/pLiGIxY4431SJ4/dR5cjMmlVHgnT4=)
        github.com/go-viper/mapstructure/v2@v2.0.0-alpha.1 (h1:TQcrn6Wq+sKGkpyPvppOz99zsMBaUOKXq6HSv655U1c=)
        github.com/go-webauthn/webauthn@v0.10.2 (h1:OG7B+DyuTytrEPFmTX503K77fqs3HDK/0Iv+z8UYbq4=)
        github.com/go-webauthn/x@v0.1.9 (h1:v1oeLmoaa+gPOaZqUdDentu6Rl7HkSSsmOT6gxEQHhE=)
        github.com/golang-jwt/jwt/v5@v5.2.1 (h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=)
        github.com/golang/glog@v1.2.0 (h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=)
        github.com/golang/protobuf@v1.5.3 (h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=)
        github.com/google/go-tpm@v0.9.0 (h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=)
        github.com/google/uuid@v1.6.0 (h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=)
        github.com/hashicorp/go-cleanhttp@v0.5.2 (h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=)
        github.com/hashicorp/go-retryablehttp@v0.7.5 (h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=)
        github.com/iancoleman/orderedmap@v0.3.0 (h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=)
        github.com/jackc/pgpassfile@v1.0.0 (h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=)
        github.com/jackc/pgservicefile@v0.0.0-20221227161230-091c0ba34f0a (h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=)
        github.com/jackc/pgx/v5@v5.5.5 (h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=)
        github.com/jackc/puddle/v2@v2.2.1 (h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=)
        github.com/jmoiron/sqlx@v1.3.5 (h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=)
        github.com/klauspost/compress@v1.17.6 (h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI=)
        github.com/knadh/koanf/maps@v0.1.1 (h1:G5TjmUh2D7G2YWf5SQQqSiHRJEjaicvU0KpypqB3NIs=)
        github.com/knadh/koanf/parsers/yaml@v0.1.0 (h1:ZZ8/iGfRLvKSaMEECEBPM1HQslrZADk8fP1XFUxVI5w=)
        github.com/knadh/koanf/providers/confmap@v0.1.0 (h1:gOkxhHkemwG4LezxxN8DMOFopOPghxRVp7JbIvdvqzU=)
        github.com/knadh/koanf/providers/env@v0.1.0 (h1:LqKteXqfOWyx5Ab9VfGHmjY9BvRXi+clwyZozgVRiKg=)
        github.com/knadh/koanf/providers/posflag@v0.1.0 (h1:mKJlLrKPcAP7Ootf4pBZWJ6J+4wHYujwipe7Ie3qW6U=)
        github.com/knadh/koanf/v2@v2.1.0 (h1:eh4QmHHBuU8BybfIJ8mB8K8gsGCD/AUQTdwGq/GzId8=)
        github.com/mattn/go-sqlite3@v1.14.22 (h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=)
        github.com/mitchellh/copystructure@v1.2.0 (h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=)
        github.com/mitchellh/mapstructure@v1.5.0 (h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=)
        github.com/mitchellh/reflectwalk@v1.0.2 (h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=)
        github.com/mohae/deepcopy@v0.0.0-20170929034955-c48cc78d4826 (h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=)
        github.com/ory/herodot@v0.10.3-0.20230807143059-27cd6936499b (h1:AEUyF55UrqTuhJh72I9azACdJrRrDBBjK/XWgVxuQvY=)
        github.com/ory/x@v0.0.616 (h1:iaojp7MvFW1cdirSZFK/XeuJvyhUEVXQdY61bmIOkzk=)
        github.com/philhofer/fwd@v1.1.2 (h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=)
        github.com/pkg/errors@v0.9.1 (h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=)
        github.com/pmezard/go-difflib@v1.0.0 (h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=)
        github.com/prometheus/client_golang@v1.19.0 (h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=)
        github.com/prometheus/client_model@v0.5.0 (h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=)
        github.com/prometheus/common@v0.48.0 (h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=)
        github.com/prometheus/procfs@v0.12.0 (h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=)
        github.com/redis/go-redis/v9@v9.5.1 (h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=)
        github.com/savsgio/gotils@v0.0.0-20240303185622-093b76447511 (h1:KanIMPX0QdEdB4R3CiimCAbxFrhB3j7h0/OvpYGVQa8=)
        github.com/sirupsen/logrus@v1.9.3 (h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=)
        github.com/spf13/cobra@v1.8.0 (h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=)
        github.com/spf13/pflag@v1.0.5 (h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=)
        github.com/stretchr/testify@v1.9.0 (h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=)
        github.com/tinylib/msgp@v1.1.9 (h1:SHf3yoO2sGA0veCJeCBYLHuttAVFHGm2RHgNodW7wQU=)
        github.com/trustelem/zxcvbn@v1.0.1 (h1:mp4JFtzdDYGj9WYSD3KQSkwwUumWNFzXaAjckaTYpsc=)
        github.com/valyala/bytebufferpool@v1.0.0 (h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=)
        github.com/valyala/fasthttp@v1.52.0 (h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0=)
        github.com/wneessen/go-mail@v0.4.1 (h1:m2rSg/sc8FZQCdtrV5M8ymHYOFrC6KJAQAIcgrXvqoo=)
        github.com/x448/float16@v0.8.4 (h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=)
        golang.org/x/crypto@v0.21.0 (h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=)
        golang.org/x/net@v0.22.0 (h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=)
        golang.org/x/oauth2@v0.18.0 (h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=)
        golang.org/x/sync@v0.6.0 (h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=)
        golang.org/x/sys@v0.18.0 (h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=)
        golang.org/x/term@v0.18.0 (h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=)
        golang.org/x/text@v0.14.0 (h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=)
        google.golang.org/genproto/googleapis/rpc@v0.0.0-20231106174013-bbf56f31fb17 (h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=)
        google.golang.org/grpc@v1.59.0 (h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=)
        google.golang.org/protobuf@v1.33.0 (h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=)
        gopkg.in/yaml.v3@v3.0.1 (h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=)

Logs (Authelia)

time="2024-03-15T09:46:44+01:00" level=debug msg="Authorization Request with id 'a6a5d4e1-e4d4-4e19-bd6f-040d07524b42' on client with id 'komga' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:44+01:00" level=debug msg="Authorization Request with id 'a6a5d4e1-e4d4-4e19-bd6f-040d07524b42' on client with id 'komga' using consent mode 'explicit' proceeding to generate a new consent session" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:44+01:00" level=debug msg="Authorization Request with id 'a6a5d4e1-e4d4-4e19-bd6f-040d07524b42' on client with id 'komga' using consent mode 'explicit' authentication level 'two_factor' is sufficient for client level 'two_factor'" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:44+01:00" level=debug msg="Authorization Request with id 'a6a5d4e1-e4d4-4e19-bd6f-040d07524b42' on client with id 'komga' using consent mode 'explicit' is being redirected to 'https://auth.sdskh.com/consent?id=24b13b49-6ad7-49ec-a4d6-a75e5cb762cc'" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:46+01:00" level=debug msg="Authorization Request with id '8778eed9-1698-4cd9-b7e2-606d9ae5f300' on client with id 'komga' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:46+01:00" level=debug msg="Authorization Request with id '8778eed9-1698-4cd9-b7e2-606d9ae5f300' on client with id 'komga' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180
time="2024-03-15T09:46:46+01:00" level=debug msg="Access Request with id '8778eed9-1698-4cd9-b7e2-606d9ae5f300' on client with id 'komga' is being processed" method=POST path=/api/oidc/token remote_ip=192.168.0.33
time="2024-03-15T09:46:46+01:00" level=debug msg="Access Request with id '8778eed9-1698-4cd9-b7e2-606d9ae5f300' on client with id 'komga' has successfully been processed" method=POST path=/api/oidc/token remote_ip=192.168.0.33
time="2024-03-15T09:46:46+01:00" level=debug msg="UserInfo Request with id '37fa7146-6c1f-4b7e-9436-906aa5244c00' is being processed" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33
time="2024-03-15T09:46:46+01:00" level=debug msg="UserInfo Request with id '37fa7146-6c1f-4b7e-9436-906aa5244c00' on client with id 'komga' is being returned unsigned as per the registered client configuration" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33
time="2024-03-15T09:46:46+01:00" level=debug msg="UserInfo Request with id '37fa7146-6c1f-4b7e-9436-906aa5244c00' on client with id 'komga' was successfully processed" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33

Logs (Proxy / Application)

No response

Documentation

No response

Pre-Submission Checklist

• I agree to follow the Code of Conduct

• This is a bug report and not a support request

• I have read the security policy and this bug report is not a security issue or security related issue

• I have either included the complete configuration file or I am sure it's unrelated to the configuration

• I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant

• I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide

• I have checked for related proxy or application logs and included them if available

• I have checked for related issues and checked the documentation

Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.

Based on the detailed information you've provided, it seems like the issue you're encountering is related to how the redirection is handled after successful authentication with Authelia when using NGINX Proxy Manager as your reverse proxy. Since the behavior changed after upgrading to version 4.38.1, it's possible that there were changes in Authelia or NGINX Proxy Manager that affect how redirections are handled.

Given the complexity of the setup and the potential for configuration nuances, here are a few steps you can take to troubleshoot and potentially resolve the issue:

1. Review Authelia and NGINX Proxy Manager Configuration: Ensure that the configuration for both Authelia and NGINX Proxy Manager is correct and hasn't been inadvertently altered during the upgrade. Pay special attention to the redirection URLs and the way Authelia is integrated with NGINX Proxy Manager.

2. Check for Known Issues: Look into the Authelia GitHub issues page and NGINX Proxy Manager's support forums or GitHub issues for any known issues related to redirection after authentication in the versions you're using.

3. Debug Logs: The debug logs you've provided from Authelia indicate that the authorization request is being processed correctly. However, it would be helpful to also review the NGINX Proxy Manager logs to see if there are any clues there regarding how the redirection is being handled.

4. Revert to a Previous Version: If the issue is severely impacting your setup and you cannot find a quick resolution, consider reverting to a previous version of Authelia or NGINX Proxy Manager where this issue was not present, while you continue to investigate a solution.

5. Seek Support from Authelia or NGINX Proxy Manager: If you're unable to resolve the issue on your own, consider reaching out for support directly from the Authelia team via their GitHub issues page or the NGINX Proxy Manager support channels. Provide them with the detailed information and logs you've gathered to help diagnose the issue.

Unfortunately, without access to the specific configurations and without more detailed logs from NGINX Proxy Manager, it's challenging to provide a more precise solution. The steps above should help guide you towards identifying and resolving the issue.

This comment was generated by Glime.

What do the kogma logs say? The authelia logs show that all requests were successful.

Please also provide the full authelia logs and configuration.

Full log Authelia

time="2024-03-15T10:05:48+01:00" level=debug msg="Process user information" gid=0 gids="1,2,3,4,6,10,11,20,26,27" name=root uid=0 username=root time="2024-03-15T10:05:48+01:00" level=warning msg="Configuration: session: option 'domain' is deprecated in v4.38.0 and has been replaced by a multi-domain configuration: this has automatically been mapped for you but you will need to adjust your configuration to remove this message and receive the latest messages" time="2024-03-15T10:05:48+01:00" level=warning msg="Configuration: identity_providers: oidc: clients: client 'komga': option 'client_secret' is plaintext but for clients not using the 'token_endpoint_auth_method' of 'client_secret_jwt' it should be a hashed value as plaintext values are deprecated with the exception of 'client_secret_jwt' and will be removed in the near future" time="2024-03-15T10:05:48+01:00" level=info msg="Authelia v4.38.1 is starting" time="2024-03-15T10:05:48+01:00" level=info msg="Log severity set to debug" time="2024-03-15T10:05:48+01:00" level=debug msg="Registering client komga with policy two_factor (two_factor)" time="2024-03-15T10:05:48+01:00" level=info msg="Storage schema is being checked for updates" time="2024-03-15T10:05:48+01:00" level=info msg="Storage schema is already up to date" time="2024-03-15T10:05:48+01:00" level=debug msg="Create Server Service (metrics) skipped" time="2024-03-15T10:05:48+01:00" level=info msg="Startup complete" time="2024-03-15T10:05:48+01:00" level=info msg="Listening for non-TLS connections on '[::]:9091' path '/'" server=main service=server time="2024-03-15T10:06:38+01:00" level=debug msg="Authorization Request with id 'b4c6c509-6b49-4c94-8ff9-8b38615c8d7f' on client with id 'komga' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:38+01:00" level=debug msg="Authorization Request with id 'b4c6c509-6b49-4c94-8ff9-8b38615c8d7f' on client with id 'komga' using consent mode 'explicit' proceeding to generate a new consent session" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:38+01:00" level=debug msg="Authorization Request with id 'b4c6c509-6b49-4c94-8ff9-8b38615c8d7f' on client with id 'komga' using consent mode 'explicit' authentication level 'two_factor' is sufficient for client level 'two_factor'" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:38+01:00" level=debug msg="Authorization Request with id 'b4c6c509-6b49-4c94-8ff9-8b38615c8d7f' on client with id 'komga' using consent mode 'explicit' is being redirected to 'https://auth.sdskh.com/consent?id=7b965272-1d0b-42c6-b4d5-e8a9d825664a'" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:39+01:00" level=debug msg="Authorization Request with id '446f0458-fe77-4279-bcdc-ba579f934da6' on client with id 'komga' is being processed" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:39+01:00" level=debug msg="Authorization Request with id '446f0458-fe77-4279-bcdc-ba579f934da6' on client with id 'komga' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=192.168.0.180 time="2024-03-15T10:06:39+01:00" level=debug msg="Access Request with id '446f0458-fe77-4279-bcdc-ba579f934da6' on client with id 'komga' is being processed" method=POST path=/api/oidc/token remote_ip=192.168.0.33 time="2024-03-15T10:06:39+01:00" level=debug msg="Access Request with id '446f0458-fe77-4279-bcdc-ba579f934da6' on client with id 'komga' has successfully been processed" method=POST path=/api/oidc/token remote_ip=192.168.0.33 time="2024-03-15T10:06:39+01:00" level=debug msg="UserInfo Request with id 'ee43be7d-511d-443c-ad62-50e83bbf57f6' is being processed" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33 time="2024-03-15T10:06:39+01:00" level=debug msg="UserInfo Request with id 'ee43be7d-511d-443c-ad62-50e83bbf57f6' on client with id 'komga' is being returned unsigned as per the registered client configuration" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33 time="2024-03-15T10:06:39+01:00" level=debug msg="UserInfo Request with id 'ee43be7d-511d-443c-ad62-50e83bbf57f6' on client with id 'komga' was successfully processed" method=GET path=/api/oidc/userinfo remote_ip=192.168.0.33
config:
`
###############################################################

Authelia configuration

###############################################################

server:
address: 'tcp://0.0.0.0:9091'

identity_validation:
reset_password:
jwt_secret: 'DcBN/BLeiFOC6SJQEKzT8KA6IsTBlALwvtZXVcQEdw'

log:
file_path: /config/logs/authelia.log
level: debug

totp:
issuer: xxxx.com
period: 30
skew: 1

ntp:
address: "time.cloudflare.com:123"
version: 3
max_desync: 3s
disable_startup_check: false
disable_failure: true

authentication_backend:
file:
path: /config/users.yml
password:
algorithm: argon2id
iterations: 3
key_length: 32
salt_length: 16
parallelism: 4
memory: 64

access_control:
default_policy: 'deny'
networks:

• name: 'internal'
  networks:
  • '192.168.0.0/24'
    rules:
• domain:
  • 'mail.xxxx.com'
  • 'auth.xxxxx.com'
    policy: 'bypass'
• domain: '*.xxxx.com'
  policy: 'two_factor'

session:
name: authelia_session
secret: 'UympN4prVBScaCTOl3c0QiENxZ2sIhB20cFOASqao'
expiration: 3600
inactivity: 7200
domain: xxxx.com

redis:
host: authelia_redis
port: 6379

regulation:
max_retries: 10
find_time: 2m
ban_time: 5m

theme: auto

storage:
encryption_key: eyfpikVtXdEWgP0GJW4VcyyFOG5/s8aTDMwBCvxieE8=
local:
path: /config/db.sqlite3

notifier:
smtp:
address: 'submissions://mail.smtp2go.com:465'
username: 'authelia'
password: 'yNEnDfrvgC7fNyBI'
sender: "authelia@xxxxx.com"

identity_providers:
oidc:
hmac_secret: eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTY2Mzc1MTEwOCwiaWF0IjoxNjYzNzUxMTA4fQ.17XHVt7UJdpJSp4mrL8O338ZQT7VjAO91_tlZItfzA4
jwks:
- key_id: 'xxxxx'
algorithm: 'RS256'
use: 'sig'
key: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDiNX8erEfwJ1e7
/fUUvC3LCSxffarC1QoX+y3CZ4GH2aSbgarM1gARD/kV1EQg1bekCyP2EKsSdXUm
RS2E7CnzHZlVWr54BWZk76RajRjk50QFMotIj488TSwuH5NHi/Xp5zc6ED0n2rM6
RNQ2WzyvjMvE6DUfrky9uKoLSW6txDd3e8Df7Qf5Sz/hP4Jy6Zy2wLb/IfZ+lU3q
syPI6WN9kdVOTq58amyTNq7w3OM/zhOMuLfmk8aNeqL7hk2Rjsrr7kwDCs7Lr4Tr
xhd4I3GecGM6JCGH9yWq2oyOsI0/FcbKj0WuPuOZrqDX9Udm5u6rsqP1SUTolYDp
jqN5Eav9AgMBAAECggEAcWjyv5UOSAfhg53SNsAVkVqbBZECgMXAVr+WdIXiOhLS
5SgxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxSiPb10CxQYAy0MOEM5gq6dAbpoH
NumSxiBMTy6OplYiC778NWlKXQE7y9Maq7vRr8rHfgnfR6zyWS2R4QUX59Ie3n0v
s4CzXEEvlwKBgCkXmSiA87Fjsn2zzrGlYWiSkH+yGvqanm2WnD4eO3eDF8ITXLqX
FwUQwpDxi43PtzB8xsQRAgJopLkvruMPp+f1UVIdDPsZYQ56QnneHHj4KRoLvBrI
urSTYnt/esC0VYzNubJ5PXmzo8AiLBdxH9Y0dv3B/c0qAh7g6QVJJUG/AoGAdBXS
6btkj5ULoWMxb0jvO0PEHiOdJat1JboEzA70o+jA4LjfY2cgHREyVZZjiNRyp0o4
Z7ygzDr78mjShMYDLoIEEQnTR4eR4rritYgv580b+qBKEZGbTaDa35lbGGd/IGMR
SzFldE8yG0y7tE9YaVIwSWOkyZyrDG4ApqXWnt0CgYAtFKcNFnt3ccqeLtd8Ojmf
HZ6r56HBJC49UoPxZiOJVWw8rNLiggqWqffagBWgUUHGizZ2kPCECqRMkvOoHzPE
DZJlsEvbfDinhUztmP7ySoyC0CtswHe/z7ds17i1R7uPoscnSlpwE/3z+9lINMIB
dC7N7ivbfdEunEJGBEN2Ug==
-----END PRIVATE KEY-----
lifespans:
access_token: '1h'
authorize_code: '1m'
id_token: '1h'
refresh_token: '90m'
cors:
endpoints:
- authorization
- token
- revocation
- introspection

clients: 

• client_id: 'komga'
  client_name: 'Komga'
  client_secret: 'UY0doeecmWtMMFvHohNNCkeZr7qsIouc'
  public: false
  authorization_policy: 'two_factor'
  redirect_uris:
  - 'https://komga.xxxx.com/login/oauth2/code/authelia'
  scopes:
  - 'openid'
  - 'profile'
  - 'email'
  grant_types:
  - 'authorization_code'
  userinfo_signed_response_alg: 'none'
  `

For Komga
'2024-03-15T10:06:48.092+01:00 INFO 1 --- [task-1407] o.g.k.i.security.LoginListener : AuthenticationActivity(userId=0CF0GXYN9PEPW, email=stan@xxxx.com, ip=192.168.0.180, userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36, success=true, error=null, dateTime=2024-03-15T10:06:48.092150699, source=OAuth2:Authelia)'

config:
spring: security: oauth2: client: registration: authelia: client-id: 'komga' client-secret: 'UY0doeecmWtMMFvHohNNCkeZr7qsIouc' client-name: 'Authelia' scope: 'openid,profile,email' authorization-grant-type: 'authorization_code' redirect-uri: "{baseScheme}://{baseHost}{basePort}{basePath}/login/oauth2/code/authelia" provider: authelia: issuer-uri: 'https://auth.xxx.com' user-name-attribute: 'preferred_username'

I'm not seeing an error on kogma either.. is the email correct?

yes the email is correct and mapped correctly in komga
stan@xxx.com

the url inside the login popup is
https://komga.xxxx.com/dashboard?server_redirect=Y

doesn't close the pop-up and doesn't login the undelying page

But there are no errors anywhere? Browser popups? Browser console?

Browser popups?

I can see the same thing, think it's an issue on their end combined with an addition security precaution we added with the CORP headers. I'll confirm it and figure out what to do.

I'm waiting and no emergency at all :)

Think 4.38.3 fixes this.

Sorry still the same behavior. Komga opens in the login windows

Are you sure 4.37.5 still works?

Yes
With previous version of authelia (same version of komga) the pop up closes itself and komga is login on homepage

You have gone back to try it or it was working prior to updating or both?

I have two dockers. 1 in prior version (thanks to veeam) and one with the new one.
And two folders on the same host.
Secret are the same

Make sure its the same version of komga?

Yes the same. Didn't move.

Should be fixed with authelia/authelia:fix-header-consistency.

@stanthewizzard did this fix it for you?

YES !!
It works
THANKS