Receiving infinite loop authenticate request #683
Replies: 3 comments 5 replies
-
|
A quick workaround would most probably be to not use form_post response mode |
Beta Was this translation helpful? Give feedback.
-
|
Should I need to comment or remove whole line in mod_auth_conf file? OIDCResponseMode "form_post" Please advise. |
Beta Was this translation helpful? Give feedback.
-
|
remove it |
Beta Was this translation helpful? Give feedback.
-
|
I don't receive infinite authentication request now but unfortunately receives 500 error.
We have naother web instance it works like champ. We do not see any difference between those two config files. |
Beta Was this translation helpful? Give feedback.
-
|
Check the server debug log |
Beta Was this translation helpful? Give feedback.
-
|
@zandbelt : Apologise for late reply.Got stuck in another priority work, so couldn’t reply. I could see the below error logs in the debug logs. Tried checking related to this error, but looks like this is specific to browser related . In my case receiving same error in all browsers. Facing an error with status code 500. |
Beta Was this translation helpful? Give feedback.
-
|
looks like you need to upgrade to the latest version and set |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your prompt response. Keep you posted. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I am trying to protect the pdf files which are stored in webserver using mod_auth_oidc and Okta.
After authentication successful receiving authentication request again in infinite loop.
Apache 2.4.43
mod_auth_oidc-2.4.1
Okta is an OP
Not sure what configuration mistake made in this. Any suggestions would be appreciated.
In error log could see the below.
Wed Sep 15 09:53:18.915314 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/cache/common.c(613): [client 10.78.164.187:28423] oidc_cache_get: cache hit: return 3290 bytes from shm cache backend for key 4790d946-162c-11ec-bc48-5363f801da26
[Wed Sep 15 09:53:18.915432 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(1217): [client 10.78.164.187:28423] oidc_util_request_matches_url: comparing "/restricted/"=="/restricted/"
[Wed Sep 15 09:53:18.915448 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/mod_auth_openidc.c(2170): [client 10.78.164.187:28423] oidc_handle_post_authorization_response: enter
[Wed Sep 15 09:53:18.915455 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(2309): [client 10.78.164.187:28423] oidc_util_hdr_in_get: Content-Type=application/x-www-form-urlencoded
[Wed Sep 15 09:53:18.915577 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(1529): [client 10.78.164.187:28423] oidc_util_read_form_encoded_params: read: state=BhNmvF-xvqLdEXd45WQ3MrzxFlg
[Wed Sep 15 09:53:18.915602 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(1529): [client 10.78.164.187:28423] oidc_util_read_form_encoded_params: read: code=aBRdioFy4yWUx8r8lV6f4fzXnFcRJU5GDvPOMsT3ic4
[Wed Sep 15 09:53:18.915608 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(1534): [client 10.78.164.187:28423] oidc_util_read_form_encoded_params: parsed: 82 bytes into 2 elements
[Wed Sep 15 09:53:18.915627 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/mod_auth_openidc.c(2036): [client 10.78.164.187:28423] oidc_handle_authorization_response: enter, response_mode=form_post
[Wed Sep 15 09:53:18.915648 2021] [auth_openidc:warn] [pid 31343:tid 140211723941632] [client 10.78.164.187:28423] oidc_handle_browser_back: browser back detected, redirecting to original URL: https://www.abc.com:443/restricted/file/docs/xyz-.pdf
[Wed Sep 15 09:53:18.915655 2021] [auth_openidc:debug] [pid 31343:tid 140211723941632] src/util.c(2365): [client 10.78.164.187:28423] oidc_util_hdr_table_set: Location:https://www.abc.com:443/restricted/file/docs/xyz-.pdf
[Wed Sep 15 09:53:20.082048 2021] [auth_openidc:debug] [pid 31341:tid 140211623229184] src/mod_auth_openidc.c(3918): [client 10.78.164.187:49282] oidc_check_user_id: incoming request: "/restricted/?(null)", ap_is_initial_req(r)=1
#############START###########
LogLevel auth_openidc:debug
OIDCSSLValidateServer Off
OIDCOutgoingProxy http://XXX.com:8080
OIDCProviderMetadataURL https://xyz.com/oauth2/default/.well-known/openid-configuration
OIDCClientID **********************
OIDCClientSecret *********************
OIDCRedirectURI https://abc.com/restricted/
RequestHeader set X-Forwarded-Port 443 early
OIDCCryptoPassphrase example@3003
OIDCScope "openid email profile"
OIDCResponseType "code"
OIDCResponseMode "form_post"
OIDCRemoteUserClaim preferred_username
OIDCAuthNHeader REMOTE_USER
OIDCStateTimeout 600
OIDCStateMaxNumberOfCookies 20
<Location /restricted/>
AuthType openid-connect
Require valid-user
END
Beta Was this translation helpful? Give feedback.
All reactions