You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/05 08:29:52 UTC
[GitHub] [apisix] MirtoBusico commented on issue #8452: help request: Openid-connect - how to diagnose the error page "An error occurred. You can report issue to APISIX Faithfully yours, APISIX."

MirtoBusico commented on issue #8452:
URL: https://github.com/apache/apisix/issues/8452#issuecomment-1336950429

   Not sure which log I have to look at.
   Using the Kubernetes dashboard, the last lines of apisix pods are
   For apisix-dashboard pod
   ```
   2022-12-05T08:19:48.453Z filter/logging.go:45 /ping {"status": 200, "host": "10.42.2.191:9000", "query": "", "requestId": "39633564-4ccb-4ded-8709-675ad8ab7277", "latency": 0, "remoteIP": "127.0.0.6", "method": "GET", "errs": []}
   2022-12-05T08:19:57.252Z filter/logging.go:45 /ping {"status": 200, "host": "10.42.2.191:9000", "query": "", "requestId": "18464495-fb71-4bb1-89dc-03b6374e92e2", "latency": 0, "remoteIP": "127.0.0.6", "method": "GET", "errs": []}
   2022-12-05T08:19:58.452Z filter/logging.go:45 /ping {"status": 200, "host": "10.42.2.191:9000", "query": "", "requestId": "c902793d-c008-494c-a93d-6bb648332bb8", "latency": 0, "remoteIP": "127.0.0.6", "method": "GET", "errs": []}
   ```
   
   for apisix pod
   ```
   2022/12/05 08:19:27 [warn] 49#49: *48972 [lua] plugin.lua:934: run_plugin(): openid-connect exits with http status code 500, client: 127.0.0.6, server: _, request: "GET /*?state=809e5a967452528b8549511068b99cb1&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=63022b8e-9545-4441-8272-d429d4c8a819.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   2022/12/05 08:19:27 [alert] 49#49: *48972 ignoring stale global SSL error (SSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt), client: 127.0.0.6, server: _, request: "GET /*?state=809e5a967452528b8549511068b99cb1&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=63022b8e-9545-4441-8272-d429d4c8a819.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   2022/12/05 08:19:27 [alert] 47#47: *48973 ignoring stale global SSL error (SSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt), client: 127.0.0.6, server: _, request: "GET /favicon.ico HTTP/1.0", host: "apisix.h.net", referrer: "https://apisix.h.net/*?state=809e5a967452528b8549511068b99cb1&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=63022b8e-9545-4441-8272-d429d4c8a819.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756"
   2022/12/05 08:19:27 [error] 48#48: *48980 [lua] openidc.lua:1475: authenticate(): request to the redirect_uri path but there's no session state found, client: 127.0.0.6, server: _, request: "GET /*?state=f4130a202c1dc0ec165657fab774df10&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=055ab546-bf9a-42b9-b28d-f19a003a12f7.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   2022/12/05 08:19:27 [error] 48#48: *48980 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: request to the redirect_uri path but there's no session state found, client: 127.0.0.6, server: _, request: "GET /*?state=f4130a202c1dc0ec165657fab774df10&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=055ab546-bf9a-42b9-b28d-f19a003a12f7.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   2022/12/05 08:19:27 [warn] 48#48: *48980 [lua] plugin.lua:934: run_plugin(): openid-connect exits with http status code 500, client: 127.0.0.6, server: _, request: "GET /*?state=f4130a202c1dc0ec165657fab774df10&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=055ab546-bf9a-42b9-b28d-f19a003a12f7.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   2022/12/05 08:19:27 [alert] 48#48: *48980 ignoring stale global SSL error (SSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt), client: 127.0.0.6, server: _, request: "GET /*?state=f4130a202c1dc0ec165657fab774df10&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=055ab546-bf9a-42b9-b28d-f19a003a12f7.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0", host: "apisix.h.net"
   127.0.0.6 - - [05/Dec/2022:08:19:27 +0000] apisix.h.net "GET /*?state=809e5a967452528b8549511068b99cb1&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=63022b8e-9545-4441-8272-d429d4c8a819.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0" 500 553 0.000 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0" - - - "http://apisix.h.net"
   127.0.0.6 - - [05/Dec/2022:08:19:27 +0000] apisix.h.net "GET /favicon.ico HTTP/1.0" 302 217 0.000 "https://apisix.h.net/*?state=809e5a967452528b8549511068b99cb1&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=63022b8e-9545-4441-8272-d429d4c8a819.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756" "Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0" - - - "http://apisix.h.net"
   127.0.0.6 - - [05/Dec/2022:08:19:27 +0000] apisix.h.net "GET /*?state=f4130a202c1dc0ec165657fab774df10&session_state=29ba412f-4e64-4533-8ce0-0d23ad64fbcd&code=055ab546-bf9a-42b9-b28d-f19a003a12f7.29ba412f-4e64-4533-8ce0-0d23ad64fbcd.755e9ac7-b5a6-46d4-9660-fc6aa23d3756 HTTP/1.0" 500 553 0.000 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0" - - - "http://apisix.h.net"
   ```
   
   For apisix-ingress-controller pod
   ```
   2022-12-05T16:24:27+08:00 [34minfo[0m gin@v1.8.1/context.go:173 path: /healthz, status: 200, method: GET, query: , ip: 127.0.0.6, user-agent: kube-probe/1.24, errors: , cost: 26.839µs
   2022-12-05T16:24:36+08:00 [34minfo[0m gin@v1.8.1/context.go:173 path: /healthz, status: 200, method: GET, query: , ip: 127.0.0.6, user-agent: kube-probe/1.24, errors: , cost: 32.611µs
   2022-12-05T16:24:37+08:00 [34minfo[0m gin@v1.8.1/context.go:173 path: /healthz, status: 200, method: GET, query: , ip: 127.0.0.6, user-agent: kube-probe/1.24, errors: , cost: 33.589µs
   Logs from Dec 5, 2022 to Dec 5, 2022 UTC
   ```
   
   BTW is it correct to have the state in the URL instead of in the authorization header?
   
   
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org