lemonldap-ng · Issue #2085

OIDC provider doesn't work when info is displayed during the login process

Concerned version

Version: 2.0.7

Summary

  • Configure OIDC service
  • Add an OIDC RP
  • Enable singleSession
  • login as dwho
  • clear cookies so that the session is still active on the LLNG side
  • browse to your RP
  • fill the login form
  • an "info" form is displayed as the previous dwho session is erased
  • you are redirected to the OIDC callback with arguments from the OIDC authorize endpoint

Logs

This is the info form:

  <form id="form" action="http://rp.example.com/oauth2callback?code=53ba4eb7ed624bc0460e472cc8b75edcd50d4d95733bf2714dc42ad8217b1030&amp;state=zZgCySbiBVYTzcGD1PS4UHlOvZc&amp;session_state=dGQQkqPArcDn5GfH%2F%2FF8JXxDwbbvoFylK83sLMFnmkY%3D.YkMyR1kzZk1oNVdFRm8rZGRUYzc2dzBrTWdydm1xLzF3SzVZR2ZXd0dmVDFNQWFPZjlBOE92K0RzZ2tNTFkrK3pFdGNIanJpRDBHWTNRL0ZMcGwzMUE9PQ" method="get" class="info" role="form">
    <input type="hidden" name="scope" value="openid email profile"><input type="hidden" name="response_type" value="code"><input type="hidden" name="redirect_uri" value="http://rp.example.com/oauth2callback"><input type="hidden" name="client_id" value="test"><input type="hidden" name="nonce" value="GPIXu7LrxGMKXrnB_jBC3ehp4ho8Eour-Axf3GHo5Vo"><input type="hidden" name="state" value="zZgCySbiBVYTzcGD1PS4UHlOvZc">

In other words, the action field is correct, but the form's inputs are copied from the HTTP request.

This means that we are actually redirected to http://rp.example.com/oauth2callback?scope=openid+email+profile&response_type=code&redirect_uri=http%3A%2F%2Flemonorange-rp.lxd%2Fsecret%2Foauth2callback&client_id=test&nonce=GPIXu7LrxGMKXrnB_jBC3ehp4ho8Eour-Axf3GHo5Vo&state=zZgCySbiBVYTzcGD1PS4UHlOvZc&lmAuth=Demo&skin=bootstrap
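The mechanism behind the redirect above is standard browser behaviour: for a `<form method="get">`, the serialized form fields replace the action URL's query string entirely, so the `code`, `state` and `session_state` parameters in the action are discarded and the hidden inputs (the original authorize request parameters) are sent to the callback instead. The following Python snippet is an added illustration, not LemonLDAP::NG code; it models that browser rule, reproduces the broken redirect with placeholder values modelled on the form in the report, and shows one way an info form can be built so the callback parameters survive (moving the action's query parameters into hidden inputs), plus a check that every parameter of the intended callback URL reached the final URL.

```python
from html import escape
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Constructed sample modelled on the form in the report; tokens are placeholders.
ACTION = ("http://rp.example.com/oauth2callback"
          "?code=CODE_PLACEHOLDER&state=STATE_PLACEHOLDER&session_state=SS_PLACEHOLDER")
HIDDEN_INPUTS = [  # what the info form currently copies from the authorize request
    ("scope", "openid email profile"),
    ("response_type", "code"),
    ("redirect_uri", "http://rp.example.com/oauth2callback"),
    ("client_id", "test"),
    ("nonce", "NONCE_PLACEHOLDER"),
    ("state", "STATE_PLACEHOLDER"),
]


def submit_get_form(action: str, fields) -> str:
    """Model a browser submitting <form method="get">: the form data set,
    urlencoded, *replaces* the action URL's query component (HTML spec,
    'Mutate action URL'); any query already in the action is dropped."""
    parts = urlsplit(action)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(fields), ""))


def query_params(url: str) -> dict:
    """Decode a URL's query string into a dict (last value wins on duplicates)."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def hidden_inputs_from_action(action: str):
    """One fix for a GET form: strip the query from the action and carry each of
    its parameters as a hidden input, so the browser's rewrite re-creates exactly
    the intended callback URL instead of forwarding unrelated request parameters."""
    parts = urlsplit(action)
    fields = parse_qsl(parts.query, keep_blank_values=True)
    bare_action = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return bare_action, fields


def render_form(action: str, fields) -> str:
    """Render the form as HTML with every attribute value escaped."""
    inputs = "".join(
        f'<input type="hidden" name="{escape(k, quote=True)}" value="{escape(v, quote=True)}">'
        for k, v in fields
    )
    return f'<form id="form" action="{escape(action, quote=True)}" method="get">{inputs}</form>'


def callback_params_preserved(intended: str, submitted: str) -> bool:
    """Check that every parameter of the intended callback URL reached the
    submitted URL with the same value (extra parameters are not checked here)."""
    want, got = query_params(intended), query_params(submitted)
    return all(got.get(k) == v for k, v in want.items())


if __name__ == "__main__":
    broken = submit_get_form(ACTION, HIDDEN_INPUTS)
    print("as reported:", broken)
    print("callback intact:", callback_params_preserved(ACTION, broken))
    fixed_action, fixed_fields = hidden_inputs_from_action(ACTION)
    print(render_form(fixed_action, fixed_fields))
    fixed = submit_get_form(fixed_action, fixed_fields)
    print("after fix:  ", fixed)
    print("callback intact:", callback_params_preserved(ACTION, fixed))
```

Running it prints the same shape of URL as in the report (scope, response_type, redirect_uri, client_id, nonce, state, but no code) for the broken form, and the original callback URL for the fixed one. Switching the info form to `method="post"` would also keep the action's query intact, but it changes what the RP callback has to accept, so the hidden-input approach is the more conservative of the two.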
