OIDC consent validation fails after second factor form or redirection from external IDP
Concerned version
Version: 2.0.7
Summary
Configuration
- Configure "Demo" auth
- Configure the OIDC issuer
- Configure a form-based second factor (external command or mail)
- Do NOT set "bypass consent"
Reproduction steps
- Browse to the OIDC RP
- You are redirected to LLNG
- Auth as dwho/dwho
- Input second factor
- Validate consent
- Get a generic "Error"
Logs
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session b5f2178a3aeaeab9a1f67e223c0da7241a3ba7b5228d0ffa8f1c0b57502ea39e from Handler internal cache
[debug] No URL authentication level found...
[debug] auth.lemontest.lxd: Apply default rule
[debug] removing cookie
[debug] Cookies -> llnglanguage=fr; lemonldap=b5f2178a3aeaeab9a1f67e223c0da7241a3ba7b5228d0ffa8f1c0b57502ea39e
[debug] CookieName -> lemonldap
[debug] newCookies -> llnglanguage=fr;
[debug] User dwho was granted to access to /oauth2
[debug] Start routing oauth2
[debug] Processing _forAuthUser
[debug] Cleaning pdata
[debug] Processing importHandlerData
[debug] Processing controlUrl
[debug] Confirm parameter accepted 1
[debug] Processing code ref
[debug] Launching ::Plugins::CDA::changeUrldc
[debug] Processing code ref
[debug] Launching ::Password::Demo::_modifyPassword
[debug] Processing code ref
[error] Unknown OIDC endpoint , skipping
[debug] Returned error: 24 (PE_ERROR)
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CORS policy :
[debug] Access-Control-Allow-Origin
[debug] *
[debug] Access-Control-Allow-Credentials
[debug] true
[debug] Access-Control-Allow-Headers
[debug] *
[debug] Access-Control-Allow-Methods
[debug] POST,GET
[debug] Access-Control-Expose-Headers
[debug] *
[debug] Access-Control-Max-Age
[debug] 86400
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';