Comments (11)
line 223 shows localhost, but your VP config shows a much longer domain. Those must be aligned.
The warnings in the logs for /authenticate/auth, such as "/auth Invalid session state: stored %!s(<nil>), returned XBb1V24PP6bP4fahuZy87GU6s4aZcZ8", are essentially saying that it can't find the correct code in the session cookie.
from vouch-proxy.
I changed line 223 to the same domain and am still seeing the issue. I am doing this locally with my hosts file remapping 127.0.0.1 to the domain.
from vouch-proxy.
Something must be wrong with the authorization cookie.
Do you see the cookie getting set in the /login response? It should include a session code. That cookie and code is later used in the /auth requests. Is it there? Does it include a path?
Does the browser operate in the same domain for the entire round trip?
If you continue to have problems, please update your gist with the current configs you're using and fresh logs. Also please include one run with testing enabled.
from vouch-proxy.
OK - that's helpful. I see the VouchSession cookie in the /login request. But the domain is set to localhost. I'm not sure why it's localhost; the only time I'm using localhost is in the proxy_pass config for nginx. I thought that was acceptable according to the examples on GitHub?
from vouch-proxy.
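Added example, not part of the original thread and not Vouch Proxy code: a check of whether a browser would send the session cookie from the /login response back on the /auth request, using RFC 6265 domain and path matching. The sample cookie value and the function names are constructed for illustration; the cookie name VouchSession is the one mentioned in the thread.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample (not taken from the thread's logs): cookie scoped to localhost.
SAMPLE = "VouchSession=c2Vzc2lvbg; Path=/; Domain=localhost; HttpOnly"


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching (IP literals are not handled)."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path matching."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def session_cookie_problems(set_cookie: str, login_url: str, callback_url: str,
                            name: str = "VouchSession") -> list[str]:
    """Return reasons the browser would not return the session cookie on /auth."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return [f"{name} not present in Set-Cookie"]
    morsel = jar[name]
    login, callback = urlsplit(login_url), urlsplit(callback_url)
    problems = []
    if not morsel.value:
        problems.append("cookie has no value (no session code)")
    domain = morsel["domain"]
    if domain:
        if not domain_match(login.hostname, domain):
            problems.append(f"Domain={domain} rejected: does not match login host {login.hostname}")
        if not domain_match(callback.hostname, domain):
            problems.append(f"Domain={domain} does not cover callback host {callback.hostname}")
    elif login.hostname != callback.hostname:
        problems.append("host-only cookie, but login and callback hosts differ")
    if not path_match(callback.path or "/", morsel["path"] or "/"):  # missing Path treated as "/"
        problems.append(f"Path={morsel['path']} does not cover {callback.path}")
    if morsel["secure"] and callback.scheme != "https":
        problems.append("Secure cookie but callback is not https")
    return problems
```

Paste the Set-Cookie header from the browser's network tab or from `curl -i` output as the first argument; an empty list means the cookie scope is consistent with the round trip.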
@Smith-Chris1 are you still working this issue? If not could you please close it?
If you do still want help please do provide current configs and logs.
from vouch-proxy.
Thanks for following up - sorry for the delay. I think I'm nearly there, but am now getting this error:
{"level":"debug","ts":1709750896.2578976,"msg":"/auth/{state}/"}
{"level":"warn","ts":1709750916.2905672,"msg":"/auth Error while retrieving user info after successful login at the OAuth provider: Post \"https://myOktaDomain.okta.com/oauth2/v1/token\": net/http: TLS handshake timeout"}
{"level":"debug","ts":1709750916.2905893,"msg":"domain myserver.domain.co matched array value at [0]=domain.co"}
{"level":"debug","ts":1709750916.2905939,"msg":"setting the cookie domain to myserver.domain.co"}
{"level":"debug","ts":1709750916.290604,"msg":"rendering error for user: 400 Bad Request"}
{"level":"debug","ts":1709750916.2906082,"msg":"CaptureWriter.Write set w.StatusCode 400"}
from vouch-proxy.
What have you tried? Are you able to 'curl' the user info URL?
from vouch-proxy.
I am able to curl the user_info_url from the host I'm on. I notice that I am going through a proxy server though, not sure if that would affect anything.
from vouch-proxy.
I am using the docker image and have configured it to run with this service file:
[Unit]
Description=Vouch-Proxy container
After=docker.service
Wants=network-online.target docker.socket
Requires=docker.socket
[Service]
TimeoutStartSec=0
Type=forking
Restart=always
RestartSec=10s
ExecStartPre=-/usr/bin/docker rm vouch-proxy-container
ExecStart=-/usr/bin/docker run --rm --name vouch-proxy-container --net=host -p 9091:9091 -v /path/to/config/config:/config quay.io/vouch/vouch-proxy
ExecStop=-/usr/bin/docker stop vouch-proxy-container
Type=simple
NotifyAccess=all
[Install]
WantedBy=multi-user.target
from vouch-proxy.
going through a proxy server
that's documented in the README
from vouch-proxy.
Solved it in my env by not using the vouch docker image. Thanks for the help and support.
from vouch-proxy.