OIDC redirect issue
Concerned version
Version: %2.0.7
Platform: (Nginx / Debian 9 stable)
Summary
I am getting a "Returned error: -2 (PE_REDIRECT)" lemon-log error while Lemonldap is trying to redirect to the Relying Party during an OpenID Connect authentication. The right redirection address is listed in the logs but it isn't used, and I am ending up in a redirection loop.
Logs
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] OIDC request parameter state: HA-DRYLNGB0WASXKIV3ZUT8O6JH4QF912M5CEP7
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Store HA-DRYLNGB0WASXKIV3ZUT8O6JH4QF912M5CEP7 in hidden key state
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] OIDC request parameter redirect_uri: https://nc.swi.dev.credativ.de/nextcloud/index.php/apps/sociallogin/custom_oidc/lemonldap
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Store https://nc.swi.dev.credativ.de/nextcloud/index.php/apps/sociallogin/custom_oidc/lemonldap in hidden key redirect_uri
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] OIDC authorizationcode flow requested (response type: code)
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Request from client id nextcloud
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Client id nextcloud matches RP nextcloud
Jan 03 08:19:45 lemonldap LLNG[14549]: [notice] User testuserpw2 is authorized to access to nextcloud
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] [notice] User testuserpw2 is authorized to access to nextcloud
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Looking for OIDC Consents ...
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Consent already given for Relying Party nextcloud (time: 1576843117, scope: openid profile)
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Scope openid already accepted
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Generated code: 8c2c2937d916fe0c90aa97f9a203f45b34be3fc81553ed3cf49dfa6df65d67e5
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Redirect user to https://nc.swi.dev.credativ.de/nextcloud/index.php/apps/sociallogin/custom_oidc/lemonldap?code=8c2c2937d916fe0c90aa97f9a203f45b34be3fc81553ed3cf49dfa6df65d67e5&state=HA-DRYLNGB0WASXKIV3ZUT8O6JH4QF912M5CEP7&session_state=W%2FAIKNaXKCUsP9rdsjjOyIiGXY9cn2YnsdeyCkiVtJg%3D.aGQ5SXlqODVNdTM4OTJ6enNtQnZ5MW03Zmx1NzVZRnY1b3hEUk1XczI3cEZQLzZNcU9NRXd5Yi9MaUxCZCtqNVpwa2IrOGFTejBnbWIwMk9DVWFRNEE9PQ
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Returned error: -2 (PE_REDIRECT)
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Calling autoredirect
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Building redirection to https://nc.swi.dev.credativ.de/nextcloud/index.php/apps/sociallogin/custom_oidc/lemonldap?code=8c2c2937d916fe0c90aa97f9a203f45b34be3fc81553ed3cf49dfa6df65d67e5&state=HA-DRYLNGB0WASXKIV3ZUT8O6JH4QF912M5CEP7&session_state=W%2FAIKNaXKCUsP9rdsjjOyIiGXY9cn2YnsdeyCkiVtJg%3D.aGQ5SXlqODVNdTM4OTJ6enNtQnZ5MW03Zmx1NzVZRnY1b3hEUk1XczI3cEZQLzZNcU9NRXd5Yi9MaUxCZCtqNVpwa2IrOGFTejBnbWIwMk9DVWFRNEE9PQ
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Skin returned: redirect
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Calling sendHtml with template redirect
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/redirect.tpl
Possible fixes
In usr/share/perl5/Lemonldap/NG/Portal/Main/Run.pm, line 334, after I change this:
sub autoRedirect {
    my ( $self, $req ) = @_;

    # Set redirection URL if needed
    $req->{urldc} ||= $self->conf->{portal}
      if ( $req->mustRedirect and not( $req->info ) );

    # Redirection should be made if urldc defined
    if ( $req->{urldc} ) {
        $self->logger->debug("Building redirection to $req->{urldc}");
        if ( $self->_jsRedirect->( $req, $req->sessionInfo ) ) {
            $req->error(PE_REDIRECT);
            $req->data->{redirectFormMethod} = "get";
        }
        else {
            return [ 302, [ Location => $req->{urldc}, $req->spliceHdrs ], [] ];
        }
    }
    my ( $tpl, $prms ) = $self->display($req);
    $self->logger->debug("Calling sendHtml with template $tpl");
    return $self->sendHtml( $req, $tpl, params => $prms );
}
to this:
sub autoRedirect {
    my ( $self, $req ) = @_;

    # Set redirection URL if needed
    $req->{urldc} ||= $self->conf->{portal}
      if ( $req->mustRedirect and not( $req->info ) );

    # Redirection should be made if urldc defined
    if ( $req->{urldc} ) {
        $self->logger->debug("Building redirection to $req->{urldc}");
        if ( $self->_jsRedirect->( $req, $req->sessionInfo ) ) {
            #$req->error(PE_REDIRECT);
            #$req->data->{redirectFormMethod} = "get";
            return [ 302, [ Location => $req->{urldc}, $req->spliceHdrs ], [] ];
        }
        else {
            return [ 302, [ Location => $req->{urldc}, $req->spliceHdrs ], [] ];
        }
    }
    my ( $tpl, $prms ) = $self->display($req);
    $self->logger->debug("Calling sendHtml with template $tpl");
    return $self->sendHtml( $req, $tpl, params => $prms );
}
It seems to be working with this, but I am not sure if I did break something or bypass something vital, or if it is all working as intended and I am doing something wrong. Thanks for your help in advance.
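
A log-triage sketch for the symptom reported above, added here as an example and not part of the original report or of the LemonLDAP::NG code base: it pairs each OIDC request in the portal debug log with how the response was delivered, and lists redirect URIs that were repeatedly answered through the HTML `redirect` template. The sample lines are constructed (placeholder host, code and state), and `analyze` and `looping_uris` are hypothetical helper names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

LINE = re.compile(r"LLNG\[(\d+)\]: \[\w+\] (.*)$")
PREFIX = "Building redirection to "

# Constructed sample shaped like the debug log above (placeholder host, code and state).
SAMPLE = """\
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] OIDC request parameter state: STATE-A
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] OIDC request parameter redirect_uri: https://rp.example.test/cb
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Building redirection to https://rp.example.test/cb?code=c1&state=STATE-A
Jan 03 08:19:45 lemonldap LLNG[14549]: [debug] Calling sendHtml with template redirect
Jan 03 08:19:47 lemonldap LLNG[14549]: [debug] OIDC request parameter state: STATE-B
Jan 03 08:19:47 lemonldap LLNG[14549]: [debug] OIDC request parameter redirect_uri: https://rp.example.test/cb
Jan 03 08:19:47 lemonldap LLNG[14549]: [debug] Building redirection to https://rp.example.test/cb?code=c2&state=STATE-B
Jan 03 08:19:47 lemonldap LLNG[14549]: [debug] Calling sendHtml with template redirect
"""

def analyze(text):
    """Return one record per OIDC authorization request seen in the log."""
    records, open_by_pid = [], {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        cur = open_by_pid.get(pid)  # worker processes interleave, so track per PID
        if msg.startswith("OIDC request parameter state: "):
            cur = open_by_pid[pid] = {"state": msg.split(": ", 1)[1], "delivery": "unknown"}
            records.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("OIDC request parameter redirect_uri: "):
            cur["redirect_uri"] = msg.split(": ", 1)[1]
        elif msg.startswith(PREFIX):
            url = urlsplit(msg[len(PREFIX):])
            cur["target"] = f"{url.scheme}://{url.netloc}{url.path}"
            cur["state_echoed"] = parse_qs(url.query).get("state") == [cur["state"]]
        elif msg == "Calling sendHtml with template redirect":
            # In autoRedirect as posted, this line is only reached when no 302 was returned.
            cur["delivery"] = "html-template"
    return records

def looping_uris(records, threshold=2):
    """redirect_uris answered via the HTML template at least `threshold` times."""
    hits = Counter(r.get("redirect_uri") for r in records
                   if r["delivery"] == "html-template" and r.get("target") == r.get("redirect_uri"))
    return sorted(u for u, n in hits.items() if u and n >= threshold)
```

A record whose `delivery` stays `unknown` never reached the template branch in the captured log, so the loop has to be looked for elsewhere (for example on the Relying Party side).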