openidc.lua:1475: authenticate(): request to the redirect_uri path but there's no session state found. KONG_X_SESSION_SECRET's been set.
SecFromTheNest opened this issue · comments
Got this error when redirected back after successfully logging in from Keycloak.
openidc.lua:1475: authenticate(): request to the redirect_uri path but there's no session state found, client: 172.18.0.1, server: kong, request: "GET /cb?state=8c3eae03d96abf7ce7b9f91d0229fce2&session_state=0a7a489c-b5ba-4aeb-8f6b-52dc7481b596&code=d4eba5ac-ab77-4b5a-b7f4-b18efd9ac708.0a7a489c-b5ba-4aeb-8f6b-52dc7481b596.18885a48-8ea5-4d78-8eae-9fc2478fb0e5 HTTP/1.1", host: "localhost:18000"
OP: Keycloak.
-e KONG_X_SESSION_SECRET=Q211IzIwMTc=
-e KONG_X_SESSION_NAME=oidc_session
kong-oidc session_secret set to Q211IzIwMTc=
- I assume you use 3.2.2-2?
- I assume there is only 1 instance of keycloak?
- Can you please provide the full command line that you have started kong with?
#!/bin/bash
# Change to the directory containing this script (quoted so paths with spaces work)
cd "$(dirname "$(readlink -f "$0")")"
. common.sh
set -x
docker run -d -it \
--network=kong-net \
--name $DOCKER_CONTAINER \
--hostname $DOCKER_CONTAINER \
-e KONG_LOG_LEVEL=info \
-e KONG_ADMIN_ACCESS_LOG=/dev/stdout \
-e KONG_ADMIN_ERROR_LOG=/dev/stderr \
-e KONG_ADMIN_GUI_ACCESS_LOG=/dev/stdout \
-e KONG_ADMIN_GUI_ERROR_LOG=/dev/stderr \
-e KONG_PORTAL_API_ACCESS_LOG=/dev/stdout \
-e KONG_PORTAL_API_ERROR_LOG=/dev/stderr \
-e KONG_PROXY_ACCESS_LOG=/dev/stdout \
-e KONG_PROXY_ERROR_LOG=/dev/stderr \
-e KONG_ANONYMOUS_REPORTS='false' \
-e KONG_CLUSTER_LISTEN='off' \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kongpass" \
-e "KONG_PASSWORD=test" \
-e KONG_LUA_PACKAGE_PATH='/opt/?.lua;/opt/?/init.lua;;' \
-e KONG_NGINX_WORKER_PROCESSES='1' \
-e KONG_PLUGINS='bundled,oidc,cookies-to-headers' \
-e KONG_ADMIN_LISTEN='0.0.0.0:8001' \
-e KONG_PROXY_LISTEN='0.0.0.0:8000, 0.0.0.0:8443 http2 ssl' \
-e KONG_STATUS_LISTEN='0.0.0.0:8100' \
-e KONG_NGINX_DAEMON='off' \
-e KONG_X_SESSION_MEMCACHE_PORT="'1234'" \
-e KONG_X_SESSION_COMPRESSOR=zlib \
-e KONG_X_SESSION_SECRET=Q211IzIwMTc= \
-e KONG_X_SESSION_NAME=oidc_session \
-p $KONG_LOCAL_ADMIN_PORT:8001 \
-p $KONG_LOCAL_HTTP_PORT:8000 \
-p $KONG_LOCAL_HTTPS_PORT:8443 \
$DOCKER_IMAGE \
"$@"
This is my run.sh file. Yes, I'm using 3.2.2-2 and have only 1 instance of Keycloak running.
Indeed, seems to be caused by breaking changes in lua-resty-session 4 (used by kong 3.2.x). Ref: #37 (comment)
Please use cristianchiru/docker-kong-oidc:3.2.2-3; it should fix the issue.
Issue fixed. Thank you very much!