This repository has been archived by the owner on Dec 24, 2023. It is now read-only.

openidc.lua:1475: authenticate(): request to the redirect_uri path but there's no session state found. KONG_X_SESSION_SECRET's been set. #38

Closed
SecFromTheNest opened this issue Mar 24, 2023 · 4 comments

Comments

@SecFromTheNest

Got this error when redirected back after successfully logging in from Keycloak.

openidc.lua:1475: authenticate(): request to the redirect_uri path but there's no session state found, client: 172.18.0.1, server: kong, request: "GET /cb?state=8c3eae03d96abf7ce7b9f91d0229fce2&session_state=0a7a489c-b5ba-4aeb-8f6b-52dc7481b596&code=d4eba5ac-ab77-4b5a-b7f4-b18efd9ac708.0a7a489c-b5ba-4aeb-8f6b-52dc7481b596.18885a48-8ea5-4d78-8eae-9fc2478fb0e5 HTTP/1.1", host: "localhost:18000"

OP: Keycloak.

```bash
-e KONG_X_SESSION_SECRET=Q211IzIwMTc= \
-e KONG_X_SESSION_NAME=oidc_session \
```

kong-oidc session_secret set to Q211IzIwMTc=

@cristichiru

  1. I assume you use 3.2.2-2?
  2. I assume there is only 1 instance of keycloak?
  3. Can you please provide the full command line that you have started kong with?

@SecFromTheNest
Author

```bash
#!/bin/bash

# Run from the directory that contains this script
cd "$(dirname "$(readlink -f "$0")")"
. common.sh

set -x
docker run -d -it \
    --network=kong-net \
    --name "$DOCKER_CONTAINER" \
    --hostname "$DOCKER_CONTAINER" \
    -e KONG_LOG_LEVEL=info \
    -e KONG_ADMIN_ACCESS_LOG=/dev/stdout \
    -e KONG_ADMIN_ERROR_LOG=/dev/stderr \
    -e KONG_ADMIN_GUI_ACCESS_LOG=/dev/stdout \
    -e KONG_ADMIN_GUI_ERROR_LOG=/dev/stderr \
    -e KONG_PORTAL_API_ACCESS_LOG=/dev/stdout \
    -e KONG_PORTAL_API_ERROR_LOG=/dev/stderr \
    -e KONG_PROXY_ACCESS_LOG=/dev/stdout \
    -e KONG_PROXY_ERROR_LOG=/dev/stderr \
    -e KONG_ANONYMOUS_REPORTS='false' \
    -e KONG_CLUSTER_LISTEN='off' \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_PG_PASSWORD=kongpass" \
    -e "KONG_PASSWORD=test" \
    -e KONG_LUA_PACKAGE_PATH='/opt/?.lua;/opt/?/init.lua;;' \
    -e KONG_NGINX_WORKER_PROCESSES='1' \
    -e KONG_PLUGINS='bundled,oidc,cookies-to-headers' \
    -e KONG_ADMIN_LISTEN='0.0.0.0:8001' \
    -e KONG_PROXY_LISTEN='0.0.0.0:8000, 0.0.0.0:8443 http2 ssl' \
    -e KONG_STATUS_LISTEN='0.0.0.0:8100' \
    -e KONG_NGINX_DAEMON='off' \
    -e KONG_X_SESSION_MEMCACHE_PORT="'1234'" \
    -e KONG_X_SESSION_COMPRESSOR=zlib \
    -e KONG_X_SESSION_SECRET=Q211IzIwMTc= \
    -e KONG_X_SESSION_NAME=oidc_session \
    -p "$KONG_LOCAL_ADMIN_PORT":8001 \
    -p "$KONG_LOCAL_HTTP_PORT":8000 \
    -p "$KONG_LOCAL_HTTPS_PORT":8443 \
    "$DOCKER_IMAGE" \
    "$@"
```

This is my run.sh file. Yes, I'm using 3.2.2-2 and have only 1 instance of Keycloak running.

@cristichiru

Indeed, seems to be caused by breaking changes in lua-resty-session 4 (used by kong 3.2.x). Ref: #37 (comment)

Please use cristianchiru/docker-kong-oidc:3.2.2-3 - should fix the issue.

@SecFromTheNest
Author

Issue fixed. Thank you very much!
