$session_secret error

Question

$session_secret error

cyf992002 opened this issue 7 years ago · comments

cyf992002 commented 7 years ago

Hello,
I am using this plugin to work with keycloak and get following error every time I send a request to the server. Please help.
2017/06/26 22:15:51 [error] 1014#0: *3793 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/kong/plugins/oidc/session.lua:11: variable "session_secret" not found for writing; maybe it is a built-in variable that is not changeable or you forgot to use "set $session_secret '';" in the config file to define it first?G?
stack traceback:
coroutine 0:
[C]: in function '__newindex'
/usr/local/share/lua/5.1/kong/plugins/oidc/session.lua:11: in function 'configure'
/usr/local/share/lua/5.1/kong/plugins/oidc/handler.lua:27: in function 'access'
/usr/local/share/lua/5.1/kong.lua:295: in function 'access'
access_by_lua(nginx-kong.conf:85):2: in function <access_by_lua(nginx-kong.conf:85):1>, client: 127.0.0.1, server: kong, request: "GET /services/v2/Product HTTP/1.1", host: "127.0.0.1:8000"

cyf992002 · Answer 1 · Tue Jun 27 2017 14:16:15 GMT+0800 (China Standard Time)

Hi Tuomo , Thanks for the reply. Yes, I have. Please see my configuration below. I looked into the code and the plugin works well after I commented out '*session.configure(config)*' in handler.lua. Any thoughts? [image: Inline image 2]

…

On Tue, Jun 27, 2017 at 1:22 PM, Tuomo Syrjänen ***@***.***> wrote: Have you created a client in keycloak for your plugin? When you enable this plugin in kong you should tell client name (client_name_in_oidc_provider) and secret (client_secret_in_oidc_provider), for example curl -i -X POST --url http://localhost:8001/plugins/ --data 'name=<plugin_name>' --data "config.client_id=<client_name_in_oidc_provider>" --data "config.client_secret=<client_secret_in_oidc_provider>" --data "config.discovery=https://<oidc_provider_hostname>/auth/ realms/<realm_name>/.well-known/openid-configuration" — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABJ-OxParGlSQs-xXmWp_xKSiwlrenPgks5sIJGsgaJpZM4OFYSK> .

cyf992002 · Answer 2 · Tue Jun 27 2017 14:21:05 GMT+0800 (China Standard Time)

here comes the config

Tuomo Syrjänen · Answer 3 · Tue Jun 27 2017 17:26:54 GMT+0800 (China Standard Time)

Hi, sorry that I deleted my question.
But it is good that you gave your config because I noticed that we have a bug (there should be no default value, and we have "no").

We have added session_secret because of this
zmartzone/lua-resty-openidc#39

We should correct this (remove default value) and give instructions how to set session_secret (you need also something in ngix configuration).

cyf992002 · Answer 4 · Tue Jun 27 2017 20:52:56 GMT+0800 (China Standard Time)

Could you please tell what Nginx config should I do? and how to set the session secret? Thanks for your help

Tuomo Syrjänen · Answer 5 · Wed Jun 28 2017 18:16:55 GMT+0800 (China Standard Time)

In nginx conf-file we have added under

server {
server_name kong;

following line

set_decode_base64 $session_secret 'XX';

In XX we use some decoded default value which kong-oidc will later change.

When enabling oidc plugin you could give also session_secret, for example

curl -i -X POST --url http://localhost:8001/plugins/
--data 'name=<plugin_name>'
--data "config.client_id=<client_name_in_oidc_provider>"
--data "config.client_secret=<client_secret_in_oidc_provider>"
--data "config.discovery=https://<oidc_provider_hostname>/auth/realms/<realm_name>/.well-known/openid-configuration"
--data "config.session_secret=<base64_encoded password>"