Constant Redirects in v2.4.5+ #546

genio · 2021-02-20T01:53:03Z

genio
Feb 20, 2021

There appears to be a bug in v2.4.5+.

We're running CentOS 8. We've been running v2.3.7 that comes with AppStream for a while. Lately, we've been noticing browsers complaining of too many/large cookies. We wanted to make use of OIDCStateMaxNumberOfCookies 3 true but that requires v2.3.8+.

Looking through the releases, though, we only find RPMs for el8 for the 2.4x versions, so I naturally tried the latest (2.4.6). When visiting a page then, it kept on and kept on in a redirect loop between Azure and our sever. Strange.

I tried v2.4.5 and came across the same thing.

I then tried v2.4.4 and no longer had the issue.

   # LogLevel auth_openidc:debug
    OIDCProviderMetadataURL https://login.microsoftonline.com/<redacted>/v2.0/.well-known/openid-configuration
    OIDCRedirectURI https://<redacted>/secure/uri
    OIDCCookieDomain <redacted>
    OIDCClientID <redacted>
    OIDCClientSecret <redacted>
    OIDCCryptoPassphrase <redacted>
    OIDCScope "openid email profile"
    OIDCRemoteUserClaim email
    OIDCCacheType file
    OIDCCacheDir /tmp/azure_sessions
    OIDCCacheFileCleanInterval 3600
    OIDCOAuthVerifyJwksUri https://login.microsoftonline.com/<redacted>/discovery/v2.0/keys

    # try to keep our cookies cleaned up:
    OIDCStateMaxNumberOfCookies 3 true

    <Location /secure/uri/>
        AuthType auth-openidc
        Require claim hd:<redacted>.com
        Require claim aud:ac_oic_client
    </Location>

    DocumentRoot "/foo/bar"
    <Directory /foo/bar>
        SSLRequireSSL
        SSLOptions +StdEnvVars

        AuthType auth-openidc
        Require valid-user
    </Directory>

zandbelt · 2021-02-20T08:30:58Z

zandbelt
Feb 20, 2021
Maintainer

the server debug logs will tell you why this happens, most probably a cookie issue

0 replies

genio · 2021-02-20T16:02:48Z

genio
Feb 20, 2021
Author

I'm not quite sure how it'd be a cookie issue if other versions work, but here's some hopefully helpful output. If I've redacted to the point of uselessness, my apologies. I'd be able to send more info in a more secure manner or maybe even show the behavior in a Zoom session. I'm sure it's something dumb I've done, but I can't see it. The entire config associated with mod_auth_openidc is in the initial question.

# systemctl stop httpd
# dnf remove mod_auth_openidc
# dnf install mod_auth_openidc-2.4.6-1.el8.x86_64.rpm

... edit apache conf to turn on LogLevel auth_openidc:debug

# systemctl start httpd

... tail logs and visit a page that's a simple html page with no other requests associated
... brings up our Azure SSO login page like normal. Login, go through multi-factor, get redirected back to the site. redirect hell from the site

[Sat Feb 20 15:36:00.354879 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(511): [client redacted_ip:49982] oidc_get_current_url: current URL 'https://redacted_url/reports/'
[Sat Feb 20 15:36:00.354884 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/mod_auth_openidc.c(2239): [client redacted_ip:49982] oidc_authenticate_user: enter
[Sat Feb 20 15:36:00.354890 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/cache/common.c(584): [client redacted_ip:49982] oidc_cache_get: enter: https://login.microsoftonline.com/TENANT_ID_HERE/v2.0/.well-known/openid-configuration (section=p, decrypt=1, type=file)
[Sat Feb 20 15:36:00.355002 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/cache/common.c(618): [client redacted_ip:49982] oidc_cache_get: cache hit: return 1651 bytes from file cache backend for encrypted key <redacted>
[Sat Feb 20 15:36:00.355101 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/proto.c(75): [client redacted_ip:49982] oidc_proto_generate_random_bytes: apr_generate_random_bytes call for 32 bytes
[Sat Feb 20 15:36:00.355133 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/proto.c(77): [client redacted_ip:49982] oidc_proto_generate_random_bytes: apr_generate_random_bytes returned
[Sat Feb 20 15:36:00.355144 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(1271): [client redacted_ip:49982] oidc_util_request_matches_url: comparing "/reports/"=="/secure/uri"
[Sat Feb 20 15:36:00.355153 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/mod_auth_openidc.c(225): [client redacted_ip:49982] oidc_get_browser_state_hash: enter
[Sat Feb 20 15:36:00.355160 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(2405): [client redacted_ip:49982] oidc_util_hdr_in_get: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.68
[Sat Feb 20 15:36:00.355171 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(2172): [client redacted_ip:49982] oidc_util_create_symmetric_key: key_len=32
[Sat Feb 20 15:36:00.355228 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(995): [client redacted_ip:49982] oidc_util_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Sat Feb 20 15:36:00.355243 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(2483): [client redacted_ip:49982] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>; Path=/; Domain=redacted_url; Secure; HttpOnly; SameSite=None
[Sat Feb 20 15:36:00.355263 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/proto.c(653): [client redacted_ip:49982] oidc_proto_authorization_request: enter, issuer=https://login.microsoftonline.com/TENANT_ID_HERE/v2.0, redirect_uri=https://redacted_url/secure/uri, state=<redacted_state>, proto_state={"ou":"https://redacted_url/reports/","om":"get","i":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","rt":"code","n":"<redacted_code>","t":1613835360}, code_challenge=(null), auth_request_params=(null), path_scope=(null)
[Sat Feb 20 15:36:00.355277 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: response_type=code
[Sat Feb 20 15:36:00.355309 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: scope=openid email profile
[Sat Feb 20 15:36:00.355326 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: client_id=<client_id_here>
[Sat Feb 20 15:36:00.355342 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: state=<redacted_state>
[Sat Feb 20 15:36:00.355356 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: redirect_uri=https://redacted_url/secure/uri
[Sat Feb 20 15:36:00.355373 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(613): [client redacted_ip:49982] oidc_util_http_add_form_url_encoded_param: processing: nonce=<redacted_code>
[Sat Feb 20 15:36:00.355395 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(642): [client redacted_ip:49982] oidc_util_http_query_encoded_url: url=https://login.microsoftonline.com/TENANT_ID_HERE/oauth2/v2.0/authorize?response_type=code&scope=openid%20email%20profile&client_id=<client_id_here>&state=<redacted_state>&redirect_uri=https%3A%2F%2Fredacted_url%2Fsecure%2Furi&nonce=<redacted_code>
[Sat Feb 20 15:36:00.355403 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(2461): [client redacted_ip:49982] oidc_util_hdr_table_set: Location: https://login.microsoftonline.com/TENANT_ID_HERE/oauth2/v2.0/authorize?response_type=code&scope=openid%20email%20profile&client_id=<client_id_here>&state=<redacted_state>&redirect_uri=https%3A%2F%2Fredacted_url%2Fsecure%2Furi&nonce=<redacted_code>
[Sat Feb 20 15:36:00.355412 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/util.c(2483): [client redacted_ip:49982] oidc_util_hdr_err_out_add: Cache-Control: no-cache, no-store, max-age=0
[Sat Feb 20 15:36:00.355416 2021] [auth_openidc:debug] [pid 1060452:tid 140541312161536] src/proto.c(782): [client redacted_ip:49982] oidc_proto_authorization_request: return: 302
[Sat Feb 20 15:36:49.240304 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(3840): [client redacted_ip:50072] oidc_check_user_id: incoming request: "/secure/uri?(null)", ap_is_initial_req(r)=0, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240347 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/oauth.c(201): [client redacted_ip:50072] oidc_oauth_get_bearer_token: accept_token_in=0, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240353 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/oauth.c(292): [client redacted_ip:50072] oidc_oauth_get_bearer_token: no bearer token found in the allowed methods: [], referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240361 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2405): [client redacted_ip:50072] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240370 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1109): [client redacted_ip:50072] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240375 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1271): [client redacted_ip:50072] oidc_util_request_matches_url: comparing "/secure/uri"=="/secure/uri", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240380 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2475): [client redacted_ip:50072] oidc_proto_javascript_implicit: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240541 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(3840): [client redacted_ip:50072] oidc_check_user_id: incoming request: "/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>", ap_is_initial_req(r)=1, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240554 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/oauth.c(201): [client redacted_ip:50072] oidc_oauth_get_bearer_token: accept_token_in=0, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240558 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/oauth.c(292): [client redacted_ip:50072] oidc_oauth_get_bearer_token: no bearer token found in the allowed methods: [], referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240563 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2405): [client redacted_ip:50072] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240571 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1109): [client redacted_ip:50072] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240575 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1271): [client redacted_ip:50072] oidc_util_request_matches_url: comparing "/secure/uri"=="/secure/uri", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240580 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(2066): [client redacted_ip:50072] oidc_handle_redirect_authorization_response: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240612 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1595): [client redacted_ip:50072] oidc_util_read_form_encoded_params: read: code=<really_long_code>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240625 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1595): [client redacted_ip:50072] oidc_util_read_form_encoded_params: read: state=<redacted_state>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240689 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1595): [client redacted_ip:50072] oidc_util_read_form_encoded_params: read: session_state=<session_state>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240697 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1600): [client redacted_ip:50072] oidc_util_read_form_encoded_params: parsed: 904 bytes into 3 elements, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240701 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1889): [client redacted_ip:50072] oidc_handle_authorization_response: enter, response_mode=query, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240705 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1520): [client redacted_ip:50072] oidc_authorization_response_match_state: enter (state=<redacted_state>), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240708 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(649): [client redacted_ip:50072] oidc_restore_proto_state: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240714 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2405): [client redacted_ip:50072] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240723 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2405): [client redacted_ip:50072] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240734 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(1109): [client redacted_ip:50072] oidc_util_get_cookie: returning "mod_auth_openidc_state_<redacted_state>" = "<state_value>.J<state_value_longer_part>", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240744 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(995): [client redacted_ip:50072] oidc_util_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240752 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2483): [client redacted_ip:50072] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_<redacted_state>=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Domain=redacted_url; Secure; HttpOnly; SameSite=None, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240762 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(199): [client redacted_ip:50072] oidc_util_jwt_verify: enter: JWT header={"alg": "dir", "enc": "A256GCM"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240772 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2172): [client redacted_ip:50072] oidc_util_create_symmetric_key: key_len=32, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240821 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(225): [client redacted_ip:50072] oidc_get_browser_state_hash: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240825 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2405): [client redacted_ip:50072] oidc_util_hdr_in_get: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.68, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240837 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(710): [client redacted_ip:50072] oidc_restore_proto_state: restored state: {"ou":"https://redacted_url/reports/","om":"get","i":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","rt":"code","n":"<redacted_code>","t":1613835360,"s":"<redacted_state>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240843 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(584): [client redacted_ip:50072] oidc_cache_get: enter: https://login.microsoftonline.com/TENANT_ID_HERE/v2.0/.well-known/openid-configuration (section=p, decrypt=1, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240894 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(618): [client redacted_ip:50072] oidc_cache_get: cache hit: return 1651 bytes from file cache backend for encrypted key <redacted>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.240998 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(3031): [client redacted_ip:50072] oidc_proto_handle_authorization_response_code: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241011 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2835): [client redacted_ip:50072] oidc_proto_validate_issuer_client_id: iss and/or client_id matched OK: (null), https://login.microsoftonline.com/TENANT_ID_HERE/v2.0, (null), <client_id_here>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241019 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2055): [client redacted_ip:50072] oidc_proto_resolve_code: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241024 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1909): [client redacted_ip:50072] oidc_proto_token_endpoint_auth: token_endpoint_auth=client_secret_basic, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241029 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1730): [client redacted_ip:50072] oidc_proto_endpoint_client_secret_basic: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241229 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(613): [client redacted_ip:50072] oidc_util_http_add_form_url_encoded_param: processing: grant_type=authorization_code, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241259 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(613): [client redacted_ip:50072] oidc_util_http_add_form_url_encoded_param: processing: code=<really_long_code>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241282 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(613): [client redacted_ip:50072] oidc_util_http_add_form_url_encoded_param: processing: redirect_uri=https://redacted_url/secure/uri, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241303 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(659): [client redacted_ip:50072] oidc_util_http_form_encoded_data: data=grant_type=authorization_code&code=<really_long_code>&redirect_uri=https%3A%2F%2Fredacted_url%2Fsecure%2Furi, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.241317 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(685): [client redacted_ip:50072] oidc_util_http_call: url=https://login.microsoftonline.com/TENANT_ID_HERE/oauth2/v2.0/token, data=grant_type=authorization_code&code=<really_long_code>&redirect_uri=https%3A%2F%2Fredacted_url%2Fsecure%2Furi, content_type=application/x-www-form-urlencoded, basic_auth=****, bearer_token=(null), ssl_validate_server=1, timeout=60, outgoing_proxy=(null), pass_cookies=0, ssl_cert=(null), ssl_key=(null), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.833054 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(876): [client redacted_ip:50072] oidc_util_http_call: HTTP response code=200, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.833106 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(881): [client redacted_ip:50072] oidc_util_http_call: response={"token_type":"Bearer","scope":"profile openid email User.Read","expires_in":3599,"ext_expires_in":3599,"access_token":"<really_long_access_token>","id_token":"<really_long_id_token>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835093 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2676): [client redacted_ip:50072] oidc_proto_validate_code_response: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835144 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1625): [client redacted_ip:50072] oidc_proto_parse_idtoken: enter: id_token header={"typ":"JWT","alg":"RS256","kid":"<kid_val>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835164 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2172): [client redacted_ip:50072] oidc_util_create_symmetric_key: key_len=32, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835243 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1652): [client redacted_ip:50072] oidc_proto_parse_idtoken: successfully parsed (and possibly decrypted) JWT with header={"typ":"JWT","alg":"RS256","kid":"<kid_val>"}, and payload={"aud":"<client_id_here>","iss":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","iat":1613835109,"nbf":1613835109,"exp":1613839009,"aio":"<aio_val>","email":"<my_email_address>","name":"<My Name>","nonce":"<redacted_code>","oid":"<oid_guid>","preferred_username":"<my_email_address>","rh":"<rh_val>","sub":"<sub_value>","tid":"TENANT_ID_HERE","uti":"<util_val>","ver":"2.0"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835256 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2172): [client redacted_ip:50072] oidc_util_create_symmetric_key: key_len=44, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835264 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/metadata.c(651): [client redacted_ip:50072] oidc_metadata_jwks_get: enter, jwks_uri=https://login.microsoftonline.com/TENANT_ID_HERE/discovery/v2.0/keys, refresh=0, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835272 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(584): [client redacted_ip:50072] oidc_cache_get: enter: https://login.microsoftonline.com/TENANT_ID_HERE/discovery/v2.0/keys (section=j, decrypt=1, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835319 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(181): [client redacted_ip:50072] oidc_cache_file_get: cache miss for key "VqewI9p40Al2wyTlS5qDUMbJ_Gu2QXTtMTwRlKtYLK4", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835325 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(620): [client redacted_ip:50072] oidc_cache_get: cache miss from file cache backend for encrypted key VqewI9p40Al2wyTlS5qDUMbJ_Gu2QXTtMTwRlKtYLK4, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835331 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(642): [client redacted_ip:50072] oidc_util_http_query_encoded_url: url=https://login.microsoftonline.com/TENANT_ID_HERE/discovery/v2.0/keys, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.835338 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(685): [client redacted_ip:50072] oidc_util_http_call: url=https://login.microsoftonline.com/TENANT_ID_HERE/discovery/v2.0/keys, data=(null), content_type=(null), basic_auth=null, bearer_token=(null), ssl_validate_server=1, timeout=60, outgoing_proxy=(null), pass_cookies=0, ssl_cert=(null), ssl_key=(null), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.952236 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(876): [client redacted_ip:50072] oidc_util_http_call: HTTP response code=200, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.952295 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(881): [client redacted_ip:50072] oidc_util_http_call: response={"keys":[{"kty":"RSA","use":"sig","kid":"<kid_val>","x5t":"<kid_val>","n":"<n_val>","e":"AQAB","x5c":["<some_cert>"],"issuer":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0"},{"kty":"RSA","use":"sig","kid":"<kid_id>","x5t":"<kid_id>","n":"<long_string>","e":"AQAB","x5c":["<another_cert>"],"issuer":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0"},{"kty":"RSA","use":"sig","kid":"<some_kid>","x5t":"<some_kid>","n":"<long_string>","e":"AQAB","x5c":["<another_cert>"],"issuer":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0"}]}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.953865 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(643): [client redacted_ip:50072] oidc_cache_set: enter: https://login.microsoftonline.com/TENANT_ID_HERE/discovery/v2.0/keys (section=j, len=4762, encrypt=1, ttl(s)=3599, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.954614 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(286): [client redacted_ip:50072] oidc_cache_file_clean: start cleaning cycle, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955215 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(439): [client redacted_ip:50072] oidc_cache_file_set: successfully stored entry for key "VqewI9p40Al2wyTlS5qDUMbJ_Gu2QXTtMTwRlKtYLK4" in file of 6375 bytes, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955228 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(671): [client redacted_ip:50072] oidc_cache_set: successfully stored 6374 bytes in file cache backend for encrypted key VqewI9p40Al2wyTlS5qDUMbJ_Gu2QXTtMTwRlKtYLK4, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955235 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1392): [client redacted_ip:50072] oidc_proto_get_key_from_jwks: search for kid "<kid_val>" or thumbprint x5t "(null)", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955330 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1454): [client redacted_ip:50072] oidc_proto_get_key_from_jwks: found matching kid: "<kid_val>" for jwk: {"kty":"RSA","kid":"<kid_val>","e":"AQAB","n":"<n_val>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955341 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1524): [client redacted_ip:50072] oidc_proto_get_keys_from_jwks_uri: returning 1 key(s) obtained from the (possibly cached) JWKs URI, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955397 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1581): [client redacted_ip:50072] oidc_proto_jwt_verify: JWT signature verification with algorithm "RS256" was successful, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955415 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1346): [client redacted_ip:50072] oidc_proto_validate_idtoken: enter, jwt.header="{"typ":"JWT","alg":"RS256","kid":"<kid_val>"}", jwt.payload="{"aud":"<client_id_here>","iss":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","iat":1613835109,"nbf":1613835109,"exp":1613839009,"aio":"<aio_val>","email":"<my_email_address>","name":"<My Name>","nonce":"<redacted_code>","oid":"<oid_guid>","preferred_username":"<my_email_address>","rh":"<rh_val>","sub":"<sub_value>","tid":"TENANT_ID_HERE","uti":"<util_val>","ver":"2.0"}", nonce="<redacted_code>", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955424 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(584): [client redacted_ip:50072] oidc_cache_get: enter: <redacted_code> (section=n, decrypt=1, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955449 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(181): [client redacted_ip:50072] oidc_cache_file_get: cache miss for key "HCUqytauaxqdnfz0rtyKk0-xF3TOAVgGiQ8wJnhZUNk", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955454 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(620): [client redacted_ip:50072] oidc_cache_get: cache miss from file cache backend for encrypted key HCUqytauaxqdnfz0rtyKk0-xF3TOAVgGiQ8wJnhZUNk, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955459 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(643): [client redacted_ip:50072] oidc_cache_set: enter: <redacted_code> (section=n, len=43, encrypt=1, ttl(s)=1209, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955481 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(279): [client redacted_ip:50072] oidc_cache_file_clean: last cleanup call was less than 3600 seconds ago (next one as early as in 3599 secs), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955515 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(439): [client redacted_ip:50072] oidc_cache_file_set: successfully stored entry for key "HCUqytauaxqdnfz0rtyKk0-xF3TOAVgGiQ8wJnhZUNk" in file of 83 bytes, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955520 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(671): [client redacted_ip:50072] oidc_cache_set: successfully stored 82 bytes in file cache backend for encrypted key HCUqytauaxqdnfz0rtyKk0-xF3TOAVgGiQ8wJnhZUNk, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955524 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1142): [client redacted_ip:50072] oidc_proto_validate_nonce: nonce "<redacted_code>" validated successfully and is now cached for 1210 seconds, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955530 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2696): [client redacted_ip:50072] oidc_util_json_validate_cnf: enter: policy=optional, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955533 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2703): [client redacted_ip:50072] oidc_util_json_validate_cnf: no "cnf" claim found in the token, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955542 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(1692): [client redacted_ip:50072] oidc_proto_parse_idtoken: valid id_token for user "<sub_value>" expires: [Sat, 20 Feb 2021 16:36:49 GMT], in 3600 secs from now), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955551 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1106): [client redacted_ip:50072] oidc_retrieve_claims_from_userinfo_endpoint: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955561 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2298): [client redacted_ip:50072] oidc_proto_resolve_userinfo: enter, endpoint=https://graph.microsoft.com/oidc/userinfo, access_token=<really_long_access_token>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955574 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(642): [client redacted_ip:50072] oidc_util_http_query_encoded_url: url=https://graph.microsoft.com/oidc/userinfo, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:49.955583 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(685): [client redacted_ip:50072] oidc_util_http_call: url=https://graph.microsoft.com/oidc/userinfo, data=(null), content_type=(null), basic_auth=null, bearer_token=<really_long_access_token>, ssl_validate_server=1, timeout=60, outgoing_proxy=(null), pass_cookies=0, ssl_cert=(null), ssl_key=(null), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.038083 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(876): [client redacted_ip:50072] oidc_util_http_call: HTTP response code=200, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.038125 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(881): [client redacted_ip:50072] oidc_util_http_call: response={"sub":"<sub_value>","name":"<My Name>","family_name":"<my_last_name>","given_name":"<my_first_name>","picture":"https://graph.microsoft.com/v1.0/me/photo/$value","email":"<my_email_address>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039018 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2105): [client redacted_ip:50072] oidc_user_info_response_validate: enter: userinfo_signed_response_alg=(null), userinfo_encrypted_response_alg=(null), userinfo_encrypted_response_enc=(null), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039050 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2172): [client redacted_ip:50072] oidc_util_create_symmetric_key: key_len=32, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039078 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2205): [client redacted_ip:50072] oidc_proto_resolve_composite_claims: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039084 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/proto.c(2336): [client redacted_ip:50072] oidc_proto_resolve_userinfo: id_token_sub=<sub_value>, user_info_sub=<sub_value>, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039471 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2114): [client redacted_ip:50072] oidc_util_json_merge: src={"aud":"<client_id_here>","iss":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","iat":1613835109,"nbf":1613835109,"exp":1613839009,"aio":"<aio_val>","email":"<my_email_address>","name":"<My Name>","nonce":"<redacted_code>","oid":"<oid_guid>","preferred_username":"<my_email_address>","rh":"<rh_val>","sub":"<sub_value>","tid":"TENANT_ID_HERE","uti":"<util_val>","ver":"2.0"}, dst={"sub":"<sub_value>","name":"<My Name>","family_name":"<my_last_name>","given_name":"<my_first_name>","picture":"https://graph.microsoft.com/v1.0/me/photo/$value","email":"<my_email_address>"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039508 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2125): [client redacted_ip:50072] oidc_util_json_merge: result dst={"sub":"<sub_value>","name":"<My Name>","family_name":"<my_last_name>","given_name":"<my_first_name>","picture":"https://graph.microsoft.com/v1.0/me/photo/$value","email":"<my_email_address>","aud":"<client_id_here>","iss":"https://login.microsoftonline.com/TENANT_ID_HERE/v2.0","iat":1613835109,"nbf":1613835109,"exp":1613839009,"aio":"<aio_val>","nonce":"<redacted_code>","oid":"<oid_guid>","preferred_username":"<my_email_address>","rh":"<rh_val>","tid":"TENANT_ID_HERE","uti":"<util_val>","ver":"2.0"}, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039520 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1672): [client redacted_ip:50072] oidc_set_request_user: set remote_user to "<my_email_address>" based on claim: "email", referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039586 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1724): [client redacted_ip:50072] oidc_save_in_session: session management disabled: "check_session_iframe" is not set in provider configuration, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039591 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1019): [client redacted_ip:50072] oidc_store_userinfo_claims: enter, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039625 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1760): [client redacted_ip:50072] oidc_save_in_session: provider->session_max_duration = 28800, session_expires=1613864210039623, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039631 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(867): [client redacted_ip:50072] oidc_log_session_expires: session max lifetime: Sat, 20 Feb 2021 23:36:50 GMT (in 28799 secs from now), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039637 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(1771): [client redacted_ip:50072] oidc_save_in_session: provider->backchannel_logout_supported=0, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039745 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(643): [client redacted_ip:50072] oidc_cache_set: enter: 604f3896-1290-447d-b3d7-9a614f4ebd3d (section=s, len=5257, encrypt=1, ttl(s)=299, type=file), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.039911 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(279): [client redacted_ip:50072] oidc_cache_file_clean: last cleanup call was less than 3600 seconds ago (next one as early as in 3599 secs), referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040021 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/file.c(439): [client redacted_ip:50072] oidc_cache_file_set: successfully stored entry for key "gnkMDU9sbJbFSQgK35h0lWPRUaQy_RuHKjwritSPCKw" in file of 7035 bytes, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040031 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/cache/common.c(671): [client redacted_ip:50072] oidc_cache_set: successfully stored 7034 bytes in file cache backend for encrypted key gnkMDU9sbJbFSQgK35h0lWPRUaQy_RuHKjwritSPCKw, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040043 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(995): [client redacted_ip:50072] oidc_util_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040049 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2483): [client redacted_ip:50072] oidc_util_hdr_err_out_add: Set-Cookie: mod_auth_openidc_session=604f3896-1290-447d-b3d7-9a614f4ebd3d; Path=/; Domain=redacted_url; Secure; HttpOnly; SameSite=None, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040063 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/mod_auth_openidc.c(2007): [client redacted_ip:50072] oidc_handle_authorization_response: session created and stored, returning to original URL: https://redacted_url/reports/, original method: get, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.040076 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2461): [client redacted_ip:50072] oidc_util_hdr_table_set: Location: https://redacted_url/reports/, referer: https://login.microsoftonline.com/
[Sat Feb 20 15:36:50.282579 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/mod_auth_openidc.c(3840): [client redacted_ip:50073] oidc_check_user_id: incoming request: "/secure/uri?(null)", ap_is_initial_req(r)=0, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282620 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/oauth.c(201): [client redacted_ip:50073] oidc_oauth_get_bearer_token: accept_token_in=0, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282637 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/oauth.c(292): [client redacted_ip:50073] oidc_oauth_get_bearer_token: no bearer token found in the allowed methods: [], referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282649 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/util.c(2405): [client redacted_ip:50073] oidc_util_hdr_in_get: Cookie=mod_auth_openidc_state_<redacted_state>=<state_value>.J<state_value_longer_part>, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282667 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/util.c(1109): [client redacted_ip:50073] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282678 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/util.c(1271): [client redacted_ip:50073] oidc_util_request_matches_url: comparing "/secure/uri"=="/secure/uri", referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282687 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/proto.c(2475): [client redacted_ip:50073] oidc_proto_javascript_implicit: enter, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282896 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/mod_auth_openidc.c(3840): [client redacted_ip:50073] oidc_check_user_id: incoming request: "/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>", ap_is_initial_req(r)=1, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282929 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/oauth.c(201): [client redacted_ip:50073] oidc_oauth_get_bearer_token: accept_token_in=0, referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>
[Sat Feb 20 15:36:50.282938 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/oauth.c(292): [client redacted_ip:50073] oidc_oauth_get_bearer_token: no bearer token found in the allowed methods: [], referer: https://redacted_url/secure/uri?code=<really_long_code>&state=<redacted_state>&session_state=<session_state>

... would repeat on and on and on if I didn't ask the browser to stop the insanity.

If I install the earlier version known to work, this does not occur.

4 replies

zandbelt Feb 20, 2021
Maintainer

I don't see why:

[Sat Feb 20 15:36:50.040076 2021] [auth_openidc:debug] [pid 1060452:tid 140541286983424] src/util.c(2461): [client redacted_ip:50072] oidc_util_hdr_table_set: Location: https://redacted_url/reports/, referer: https://login.microsoftonline.com/

would not redirect the browser to /reports, because the next incoming request is:

[Sat Feb 20 15:36:50.282579 2021] [auth_openidc:debug] [pid 1060452:tid 140541194925824] src/mod_auth_openidc.c(3840): [client redacted_ip:50073] oidc_check_user_id: incoming request: "/secure/uri?(null)",

perhaps a brower trace would tell you why the redirect is not followed

genio Feb 20, 2021
Author

Do you have a place that's not public I could send an HAR file to?

genio Feb 20, 2021
Author

I have a clean apache log file with nothing but the one attempt to hit that page and the corresponding HAR file.

zandbelt Feb 20, 2021
Maintainer

there are more things off in your log, e.g. it seems that the response is returned using the fragment response mode which does not seem to be configured

probably the change #487 is due to the new behaviour

but I'd first change both of Directory/Location blocks into a single:

<Location />
    AuthType openid-connect
    Require valid-user
</Location>

and see if that plays out well, then work your way back

genio · 2021-02-23T02:38:05Z

genio
Feb 23, 2021
Author

I'm a bit confused. Does this mean I'll have to start using mod_oauth2 for the AuthType auth-openidc? If so, any chance of getting el8 releases?

2 replies

zandbelt Feb 23, 2021
Maintainer

no, just start with this setup at first and see if it works, then work your way back to the original config and see where the problem is

zandbelt Feb 26, 2021
Maintainer

any luck with that?

Uh oh!

Constant Redirects in v2.4.5+ #546

Uh oh!

Uh oh!

genio Feb 20, 2021

Replies: 3 comments · 6 replies

Uh oh!

zandbelt Feb 20, 2021 Maintainer

Uh oh!

genio Feb 20, 2021 Author

Uh oh!

zandbelt Feb 20, 2021 Maintainer

Uh oh!

genio Feb 20, 2021 Author

Uh oh!

genio Feb 20, 2021 Author

Uh oh!

zandbelt Feb 20, 2021 Maintainer

Uh oh!

genio Feb 23, 2021 Author

Uh oh!

zandbelt Feb 23, 2021 Maintainer

Uh oh!

zandbelt Feb 26, 2021 Maintainer

genio
Feb 20, 2021

Replies: 3 comments 6 replies

zandbelt
Feb 20, 2021
Maintainer

genio
Feb 20, 2021
Author

zandbelt Feb 20, 2021
Maintainer

genio Feb 20, 2021
Author

genio Feb 20, 2021
Author

zandbelt Feb 20, 2021
Maintainer

genio
Feb 23, 2021
Author

zandbelt Feb 23, 2021
Maintainer

zandbelt Feb 26, 2021
Maintainer