I am using OpenID Connect for protecting a URL. mod_auth_openidc is installed in my Apache server. After authenticating the user, I have an approve button which, when clicked, sends a response with the authorization code and state back to my Apache. Once that response tries to hit Apache, it sends the user back to the OIDCDefaultURL (302 status) and not to my token endpoint.

    [Tue Feb 02 15:35:12.595122 2021] [authz_core:debug] [pid 7525] mod_authz_core.c(809): [client 192.168.20.122:43466] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer:
    [Tue Feb 02 15:35:12.595217 2021] [authz_core:debug] [pid 7525] mod_authz_core.c(809): [client 192.168.20.122:43466] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer:
    [Tue Feb 02 15:35:12.595256 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(4005): [client 192.168.20.122:43466] oidc_check_user_id: incoming request: "/getbookingdata/secure?state=Y53fk4txWTuXfZOdW0VKLCP-I_M&code=3e36705476b64317876a24b22370d9f1", ap_is_initial_req(r)=1, referer: https:
    [Tue Feb 02 15:35:12.595282 2021] [auth_openidc:debug] [pid 7525] src/util.c(1062): [client 192.168.20.122:43466] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>,
    [Tue Feb 02 15:35:12.595296 2021] [auth_openidc:debug] [pid 7525] src/util.c(1224): [client 192.168.20.122:43466] oidc_util_request_matches_url: comparing "/getbookingdata/secure"=="/getbookingdata/secure", referer:
    [Tue Feb 02 15:35:12.595312 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(2225): [client 192.168.20.122:43466] oidc_handle_redirect_authorization_response: enter, referer:
    [Tue Feb 02 15:35:12.595411 2021] [auth_openidc:debug] [pid 7525] src/util.c(1548): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: read: state=Y53fk4txWTuXfZOdW0VKLCP-I_M, referer:
    [Tue Feb 02 15:35:12.595436 2021] [auth_openidc:debug] [pid 7525] src/util.c(1548): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: read: code=3e36705476b64317876a24b22370d9f1, referer:
    [Tue Feb 02 15:35:12.595448 2021] [auth_openidc:debug] [pid 7525] src/util.c(1553): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: parsed: 71 bytes into 2 elements, referer:
    [Tue Feb 02 15:35:12.595458 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(2049): [client 192.168.20.122:43466] oidc_handle_authorization_response: enter, response_mode=query, referer:
    [Tue Feb 02 15:35:12.595484 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(1680): [client 192.168.20.122:43466] oidc_authorization_response_match_state: enter (state=Y53fk4txWTuXfZOdW0VKLCP-I_M), referer:
    [Tue Feb 02 15:35:12.595493 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(817): [client 192.168.20.122:43466] oidc_restore_proto_state: enter,
    [Tue Feb 02 15:35:12.595510 2021] [auth_openidc:debug] [pid 7525] src/util.c(1062): [client 192.168.20.122:43466] oidc_util_get_cookie: returning "mod_auth_openidc_state_Y53fk4txWTuXfZOdW0VKLCP-I_M" = <null>, referer:
    [Tue Feb 02 15:35:12.595520 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_restore_proto_state: no "mod_auth_openidc_state_Y53fk4txWTuXfZOdW0VKLCP-I_M" state cookie found, referer:
    [Tue Feb 02 15:35:12.595530 2021] [auth_openidc:warn] [pid 7525] [client 192.168.20.122:43466] oidc_proto_peek_jwt_header: could not parse first element separated by "." from input,
    [Tue Feb 02 15:35:12.595539 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(544): [client 192.168.20.122:43466] oidc_unsolicited_proto_state: enter: state header=(null),
    [Tue Feb 02 15:35:12.595571 2021] [auth_openidc:debug] [pid 7525] src/util.c(2120): [client 192.168.20.122:43466] oidc_util_create_symmetric_key: key_len=32, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595632 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose.c:809: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 781], referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595643 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_authorization_response_match_state: unable to restore state, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595652 2021] [auth_openidc:warn] [pid 7525] [client 192.168.20.122:43466] oidc_handle_authorization_response: invalid authorization response state; a default SSO URL is set, sending the user there: https://identityprovider.com:8016/login, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595661 2021] [auth_openidc:debug] [pid 7525] src/util.c(2391): [client 192.168.20.122:43466] oidc_util_hdr_table_set: Location: https://identityprovider.com:8016/login, referer: https://identityprovider.com:8016/

Above are my debug logs from Apache.

Configuration from the aut_mod_openidc.conf file:

    OIDCProviderMetadataURL https://sp1.com:8014
    OIDCClientID    12345
    OIDCClientSecret        6789
    OIDCCryptoPassphrase    bel@123
    OIDCStateTimeout        60
    OIDCResponseType        code
    OIDCScope       "openid email profile"
    OIDCProviderTokenEndpointAuth   client_secret_basic
    OIDCSessionMaxDuration  86400
    OIDCSSLValidateServer Off
    OIDCCookiePath  /
    OIDCCookie      mod_auth_openidc_session
    OIDCDefaultURL  https://identityprovider.com:8016/login
    OIDCCacheEncrypt        On
    #OIDCProviderAuthRequestMethod  GET
    OIDCRemoteUserClaim     preferred_username
    OIDCProviderJwksUri     https://identityprovider.com:8016
    OIDCCacheType   file
    OIDCCacheDir    /var/cache/apache2/mod_auth_openidc/cache
    OIDCCacheFileCleanInterval      60
    OIDCSessionInactivityTimeout    5000
    OIDCRemoteUserClaim     upn

What might be the reason for my issue?

user615363
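The log in the question shows the callback arriving with `state` and `code`, the lookup of the cookie `mod_auth_openidc_state_<state>` returning `<null>`, a failed attempt to treat the response as an unsolicited one (the state is not a JWT), and finally the fallback to `OIDCDefaultURL`. The following is an added, simplified model of that state round trip, not code from mod_auth_openidc or from the question: the relying party sets a per-login state cookie on the host where the login started and must see that same cookie on the callback. The class names, the toy cookie jar (host and path matching only; no encryption, expiry or SameSite handling) and the sample hostnames are assumptions made for the illustration; the cross-host case is one constructed way the cookie can go missing, not a diagnosis of the poster's setup.

```python
"""Simplified model of the mod_auth_openidc state-cookie round trip.

Added example, not the module's own code. It mirrors the behaviour visible
in the question's log: a state cookie is set when the user is redirected to
the provider, looked up again on the authorization response, and when it is
absent the response cannot be matched and the user is sent to the default URL.
All names and the cookie-jar rules below are assumptions for illustration.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_COOKIE_PREFIX = "mod_auth_openidc_state_"  # prefix seen in the log


class BrowserCookieJar:
    """Toy cookie jar: a cookie is presented only to the host it was set for
    and to request paths under its Path attribute (the rules that matter here)."""

    def __init__(self):
        self._cookies = []  # list of (host, path, name, value)

    def set_cookie(self, host, path, name, value):
        self._cookies.append((host, path, name, value))

    def cookies_for(self, url):
        parts = urlsplit(url)
        host, req_path = parts.hostname, parts.path or "/"
        return {name: value for (h, p, name, value) in self._cookies
                if h == host and req_path.startswith(p)}


class RelyingParty:
    """The two halves of the relying-party flow that appear in the log."""

    def __init__(self, authz_endpoint, redirect_uri, default_url, cookie_path="/"):
        self.authz_endpoint = authz_endpoint
        self.redirect_uri = redirect_uri
        self.default_url = default_url       # plays the role of OIDCDefaultURL
        self.cookie_path = cookie_path       # plays the role of OIDCCookiePath
        self.log = []

    def start_login(self, jar, original_url):
        """Unauthenticated request: mint a state value, remember it in a cookie
        scoped to the host the request came in on, redirect to the provider."""
        state = secrets.token_urlsafe(20)
        host = urlsplit(original_url).hostname
        jar.set_cookie(host, self.cookie_path, STATE_COOKIE_PREFIX + state, original_url)
        query = urlencode({"response_type": "code", "state": state,
                           "redirect_uri": self.redirect_uri})
        return f"{self.authz_endpoint}?{query}"

    def handle_callback(self, jar, callback_url):
        """Authorization response: the state in the query must match a state
        cookie the browser presents on this request, otherwise the response
        cannot be tied to a login we started and we fall back to default_url."""
        params = parse_qs(urlsplit(callback_url).query)
        state = params.get("state", [None])[0]
        code = params.get("code", [None])[0]
        cookie_name = STATE_COOKIE_PREFIX + (state or "")
        cookies = jar.cookies_for(callback_url)
        if state is None or cookie_name not in cookies:
            self.log.append(f'oidc_restore_proto_state: no "{cookie_name}" state cookie found')
            self.log.append("invalid authorization response state; sending the user to the default URL")
            return ("redirect", self.default_url)
        original_url = cookies[cookie_name]
        self.log.append("state matched; proceeding to the token endpoint with the code")
        return ("token_exchange", code, original_url)


def simulate(login_host, callback_host):
    """Run one login where the browser starts on login_host and the provider
    sends the authorization response to callback_host. Returns the RP's decision."""
    rp = RelyingParty("https://idp.example/authorize",                     # constructed
                      f"https://{callback_host}/getbookingdata/secure",    # constructed
                      "https://idp.example/login")                         # constructed
    jar = BrowserCookieJar()
    authz_url = rp.start_login(jar, f"https://{login_host}/getbookingdata/secure")
    state = parse_qs(urlsplit(authz_url).query)["state"][0]
    # The provider authenticates the user and redirects back with code + state
    # (the code value is constructed for the example).
    callback = f"https://{callback_host}/getbookingdata/secure?state={state}&code=constructed-code-1234"
    return rp.handle_callback(jar, callback)


if __name__ == "__main__":
    print(simulate("rp.example", "rp.example"))        # state cookie present -> token exchange
    print(simulate("rp.example", "rp-alias.example"))  # cookie set on another host -> default URL
```

Running the module prints the two outcomes: on the same host the callback carries the state cookie and the relying party proceeds to the token exchange; when the callback lands on a host (or outside a path) that the cookie was not set for, the lookup returns nothing and the model takes the same branch the question's log shows, a redirect to the default URL.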