Security error when using a webpack devServer proxy
singulusoculus opened this issue
Describe the bug
The setup: I have a front end dev environment using Svelte and webpack running at port 8080 that has a proxy to my express server running at port 3000. I originally used your Vue example and converted it for Svelte. I am able to connect with SSO from localhost:8080 up to version 0.1.52.
At version 0.1.53, when I try to connect with SSO at localhost:8080 via the proxy server I am getting the following error:
Error: AcceptSecurityContext: SECURITY_STATUS incorrect (<0): (error code: 0x80090308) The token supplied to the function is invalid
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\node-expose-sspi\src\sso\auth.ts:132:44
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\node-expose-sspi\src\sso\auth.ts:226:7
at Layer.handle [as handle_request] (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\layer.js:95:5)
at next (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\route.js:137:13)
at Route.dispatch (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\route.js:112:3)
at Layer.handle [as handle_request] (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\layer.js:95:5)
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:281:22
at Function.process_params (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:335:12)
at next (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:275:10)
at Immediate._onImmediate (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express-session\index.js:495:7)
statusInfo: {
  adminPrivileges: false,
  isOnDomain: true,
  domain: 'MYDOMAIN',
  isActiveDirectoryReachable: true
}
messageType: NTLM_AUTHENTICATE_03
UnauthorizedError: Error while doing SSO: AcceptSecurityContext: SECURITY_STATUS incorrect (<0): (error code: 0x80090308) The token supplied to the function is invalid
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\node-expose-sspi\src\sso\auth.ts:224:25
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\node-expose-sspi\src\sso\auth.ts:226:7
at Layer.handle [as handle_request] (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\layer.js:95:5)
at next (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\route.js:137:13)
at Route.dispatch (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\route.js:112:3)
at Layer.handle [as handle_request] (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\layer.js:95:5)
at C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:281:22
at Function.process_params (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:335:12)
at next (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express\lib\router\index.js:275:10)
at Immediate.<anonymous> (C:\Users\brian.casey\Desktop\projects\ap-review-nes-test\node_modules\express-session\index.js:495:7)
My SSO connect is as follows:
app.get("/action/connect-with-sso", sso.auth({useSession: true}), (req, res) => {
  if (!req.sso) {
    delete req.session.sso;
    res.status(401).end();
    return;
  }
  req.session.sso = req.sso;
  res.json({ user: req.sso.user });
});
My session is configured as follows:
app.use(
  session({
    secret: apSecret, // env variable
    resave: false,
    saveUninitialized: true,
    name: 'express-sso-session'
  })
);
I also have my express server set up to serve my public directory at localhost:3000 (for when I move this to production) so I can get to my app there as well. If I start the server and try to get to the app via 8080 I get the security error. If I go to the app at localhost:3000 and then try again at 8080 it then works at 8080.
Expected behavior
I expect to be able to use a proxy server from my front end dev environment and not get the security error.
Environment version:
- OS: Windows 10 Pro version 20H2 build 19042.508
- Browser version: Chrome 88
- Node version and architecture: 14.15.5
Please also indicate:
- Are you on a Windows domain? yes
- Can you reach the domain controller? yes
- Does your session have admin privileges? no
- Which authentication protocol? Unknown
Please try with the latest version, 0.1.55.
Same error from 0.1.53 - 0.1.55.
ok, I am going to do a sample project with Svelte and come back to you.
@singulusoculus take a look at #91. This seems to be the same issue. Try changing the proxy => node connection to keep alive or apply the fix there.
Please try 0.1.58.
Closed.
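An added example, not part of the thread and not node-expose-sspi code, illustrating the keep-alive suggestion above: NTLM handshake state is tied to one TCP connection, so a proxy hop that opens a new upstream socket per request delivers the AUTHENTICATE message to a connection that never saw NEGOTIATE. The backend, the helper names, and the minimal NTLM messages are constructed for the demonstration.

```javascript
const http = require('http');

// Constructed minimal NTLM message: "NTLMSSP\0" signature + little-endian uint32 message type.
const ntlmMessage = (type) =>
  Buffer.from([...Buffer.from('NTLMSSP\0'), type, 0, 0, 0]).toString('base64');

// Message type from an Authorization header (1 = NEGOTIATE, 3 = AUTHENTICATE), 0 if malformed.
function ntlmType(header = '') {
  const buf = Buffer.from(header.replace(/^NTLM\s+/i, ''), 'base64');
  const ok = buf.length >= 12 && buf.toString('latin1', 0, 8) === 'NTLMSSP\0';
  return ok ? buf.readUInt32LE(8) : 0;
}

// Hypothetical backend (not node-expose-sspi): AUTHENTICATE must reuse NEGOTIATE's socket.
function createBackend() {
  const negotiated = new WeakSet();
  return http.createServer((req, res) => {
    const type = ntlmType(req.headers.authorization);
    if (type === 1) {
      negotiated.add(req.socket);
      res.writeHead(401, { 'WWW-Authenticate': 'NTLM' }).end(); // real servers add a challenge
    } else if (type === 3 && negotiated.has(req.socket)) {
      res.writeHead(200).end('authenticated');
    } else {
      res.writeHead(401).end('no handshake in progress on this connection');
    }
  });
}

// One upstream request, sent the way a proxy would send it through its agent.
function send(port, agent, type) {
  return new Promise((resolve, reject) => {
    const headers = { authorization: 'NTLM ' + ntlmMessage(type) };
    http.get({ host: '127.0.0.1', port, agent, headers }, (res) => {
      res.resume().on('end', () => resolve(res.statusCode));
    }).on('error', reject);
  });
}

// NEGOTIATE then AUTHENTICATE through one agent; resolves to both status codes.
async function handshake(keepAlive) {
  const server = createBackend();
  await new Promise((done) => server.listen(0, '127.0.0.1', done));
  const agent = new http.Agent({ keepAlive });
  const { port } = server.address();
  const codes = [await send(port, agent, 1), await send(port, agent, 3)];
  agent.destroy();
  server.close();
  return codes;
}
```

`handshake(true)` completes the exchange, while `handshake(false)` is rejected at the AUTHENTICATE step. In a webpack devServer proxy entry, the corresponding setting is an `agent` created with `keepAlive: true`, which is passed through to the underlying http-proxy.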