You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/24 13:05:15 UTC

[GitHub] [apisix] MirtoBusico commented on pull request #8068: feat(openid-connect): make session_secret support configurable

MirtoBusico commented on PR #8068:
URL: https://github.com/apache/apisix/pull/8068#issuecomment-1364527581

   > @tzssangglass nice! Following workaround in APISIX helm chart values fixes problem in 2.15.1:
   > 
   > ```yaml
   > configurationSnippet:
   >   httpSrv: |
   >     set $session_secret 0123456789a5bac9bb3c868ec8b202e93;
   > ```
   
   Hi all,
   I tried to use the workaround.
   
   Now in my values.yaml for apisix helm chart I have:
   ```
   # Custom configuration snippet.
   configurationSnippet:
     main: |
   
     httpStart: |
   
     httpEnd: |
   
     httpSrv: |
       set $session_secret 0123456789a5bac9bb3c868ec8b202e93;
   
     httpAdmin: |
   
     stream: |
   
   # Observability configuration.
   ```
   
   Still I get a "openid-connect exits with http status code 500" error from the openid-connect plugin.
   ```
   2022/12/24 12:44:45 [warn] 47#47: *581337 [lua] v3.lua:716: request_chunk(): http://apisix-etcd.apisix.svc.cluster.local:2379: failed to parse domain: failed to parse domain. Retrying, context: ngx.timer
   2022/12/24 12:47:11 [warn] 47#47: *666008 [lua] v3.lua:716: request_chunk(): http://apisix-etcd.apisix.svc.cluster.local:2379: failed to parse domain: failed to parse domain. Retrying, context: ngx.timer
   2022/12/24 12:48:22 [error] 50#50: *673065 [lua] openidc.lua:1100: authenticate(): state from argument: 75f1ea8eb72acd29e847e4afe36ca426 does not match state restored from session: a1072f4e1facdf0e90714bbd6163ea0e, client: 127.0.0.6, server: _, request: "GET /*?state=75f1ea8eb72acd29e847e4afe36ca426&session_state=aff4d9a9-1641-455d-b368-6f13c2925c32&code=9de7dc09-e3db-4507-a4be-51c4b57de1aa.aff4d9a9-1641-455d-b368-6f13c2925c32.84a0adb8-9534-4db9-9e55-7675c11e5b76 HTTP/1.0", host: "apisix.h.net"
   2022/12/24 12:48:22 [error] 50#50: *673065 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: state from argument does not match state restored from session, client: 127.0.0.6, server: _, request: "GET /*?state=75f1ea8eb72acd29e847e4afe36ca426&session_state=aff4d9a9-1641-455d-b368-6f13c2925c32&code=9de7dc09-e3db-4507-a4be-51c4b57de1aa.aff4d9a9-1641-455d-b368-6f13c2925c32.84a0adb8-9534-4db9-9e55-7675c11e5b76 HTTP/1.0", host: "apisix.h.net"
   2022/12/24 12:48:22 [warn] 50#50: *673065 [lua] plugin.lua:934: run_plugin(): openid-connect exits with http status code 500, client: 127.0.0.6, server: _, request: "GET /*?state=75f1ea8eb72acd29e847e4afe36ca426&session_state=aff4d9a9-1641-455d-b368-6f13c2925c32&code=9de7dc09-e3db-4507-a4be-51c4b57de1aa.aff4d9a9-1641-455d-b368-6f13c2925c32.84a0adb8-9534-4db9-9e55-7675c11e5b76 HTTP/1.0", host: "apisix.h.net"
   ```
   What I'm doing wrong?
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org