sgRequired option does not work when global storage is enabled for token
Environment
LemonLDAP::NG version: 2.0.8
Operating system: Debian
Web server: Nginx
Summary
Enable 2FA (OTT) + self registration + token with global storage
Unable to connect => Portal loop
Logs
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [info] No cookie found
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Build URL http://auth.example.com:19876/?cancel=1
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Redirect 127.0.0.1 to portal (url was /?cancel=1)
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] User not authenticated, Try in use, cancel redirection
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Start routing default route
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing restoreArgs
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing controlUrl
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing code ref
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Cancel called, push authCancel calls
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing code ref
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Launching ::Plugins::AutoSignin::check
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing extractFormInfo
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Trying to load token e046ba57661006d8e45817f4e7efa8fd282012038fe1d3ad710998d8a9bb634c
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Try to get TOKEN session e046ba57661006d8e45817f4e7efa8fd282012038fe1d3ad710998d8a9bb634c
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Get session e046ba57661006d8e45817f4e7efa8fd282012038fe1d3ad710998d8a9bb634c from Portal::Main::Run
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Return TOKEN session e046ba57661006d8e45817f4e7efa8fd282012038fe1d3ad710998d8a9bb634c
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing getUser
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing authenticate
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] -> authResult = 0
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setAuthSessionInfo
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setSessionInfo
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setMacros
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setGroups
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setPersistentSessionInfo
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Persistent session found for dwho
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Restore persistent parameter _2fDevices
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Restore persistent parameter _loginHistory
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Restore persistent parameter _updateTime
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing setLocalGroups
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing store
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store fr in session key _language
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store Demo in session key _auth
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store Doctor Who in session key cn
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store dwho in session key uid
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store dwho in session key _user
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 127.0.0.1 in session key ipAddr
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 in session key UA
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store timelords; users in session key groups
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 1597150020 in session key _lastAuthnUTime
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 2 in session key authenticationLevel
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store dwho in session key _whatToTrace
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store HASH(0x5643b203c6d0) in session key hGroups
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Dump: $VAR1 = {'users' => {'name' => 'users'},'timelords' => {'name' => 'timelords'}};
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 20200811144700 in session key _startTime
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store Demo in session key _userDB
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 20200811143819 in session key _updateTime
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store HASH(0x5643b2032f28) in session key _loginHistory
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Dump: $VAR1 = {'successLogin' => [{'_utime' => '1597149499','ipAddr' => '127.0.0.1'},{'_utime' => '1548016089','ipAddr' => '127.0.0.1'}]};
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store **** in session key _2fDevices
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store 1597150020 in session key _utime
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Store dwho@badwolf.org in session key mail
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Try to get a new SSO session
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Return SSO session 6489b03f16be5018fc60915cff4f5018f5cd4615444330b8f941ae337bbd6c6c
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Looking if totp2F is available
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] No 2F module authorized -> Update current request
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing secondFactor
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Loading 2F Devices ...
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] -> 2F Device(s) found
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Looking for expired 2F device(s)...
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Looking if totp2F is available
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] 2F is required...
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] -> Register 2F
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Try to get a new TOKEN session
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [error] Session kind mismatch : SSO is not TOKEN
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [error] NO token created
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Just one 2F is enabled
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] -> Redirect to 2fregisters/
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Returned status: -4 (PE_SENDRESPONSE)
auth.example.com:80 127.0.0.1 - - [11/Aug/2020:14:47:00 +0200] "POST /?cancel=1 HTTP/1.1" 302 965 -
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [info] No cookie found
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Build URL http://auth.example.com:19876/2fregisters/
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Redirect 127.0.0.1 to portal (url was /2fregisters/)
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] User not authenticated, Try in use, cancel redirection
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Start routing 2fregisters
auth.example.com:80 127.0.0.1 - - [11/Aug/2020:14:47:00 +0200] "GET /2fregisters/ HTTP/1.1" 302 421 -
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [info] No cookie found
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Build URL http://auth.example.com:19876/
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Redirect 127.0.0.1 to portal (url was /)
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] User not authenticated, Try in use, cancel redirection
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Start routing default route
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing controlUrl
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing code ref
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing code ref
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Launching ::Plugins::AutoSignin::check
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Processing extractFormInfo
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Prepare token
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Try to get a new TOKEN session
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Return TOKEN session 67d2b507873bbf5d20615019d2784578468ba85c866bab8d009b3196d4205c02
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Token 67d2b507873bbf5d20615019d2784578468ba85c866bab8d009b3196d4205c02 created
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Returned error: 9 (PE_FIRSTACCESS)
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Display type standardform
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Skin returned: login
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Calling sendHtml with template login
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Starting HTML generation using /home/maudoux/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Sending /home/maudoux/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Apply following CORS policy :
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Allow-Origin
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] *
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Allow-Credentials
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] true
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Allow-Headers
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] *
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Allow-Methods
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] POST,GET
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Expose-Headers
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] *
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Access-Control-Max-Age
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] 86400
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
auth.example.com:80 127.0.0.1 - - [11/Aug/2020:14:47:00 +0200] "GET / HTTP/1.1" 200 9607 -
auth.example.com:80 127.0.0.1 - - [11/Aug/2020:14:47:00 +0200] "GET /static/languages/fr.json HTTP/1.1" 200 16627 -
Backends used
Demo
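
The failure sequence in the log above can be picked out of a portal debug log automatically. The following is an added example, not part of the original report or of LemonLDAP::NG: it finds each "Session kind mismatch" error and records whether token creation failed, where the portal redirected, and whether the next request arrived without a cookie and ended back at the login form. The name find_loops and the finding keys are assumptions, and events are correlated only by worker PID and line order.

```python
import re

# Portal log line: "[timestamp] [LLNG:pid] [level] message"
LINE = re.compile(r"^\[([^\]]+)\] \[LLNG:(\d+)\] \[(\w+)\] (.*)$")
MISMATCH = re.compile(r"^Session kind mismatch : (\w+) is not (\w+)$")

# Lines excerpted from the log above (order kept, unrelated lines dropped).
SAMPLE = """\
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Try to get a new TOKEN session
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [error] Session kind mismatch : SSO is not TOKEN
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [error] NO token created
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] -> Redirect to 2fregisters/
auth.example.com:80 127.0.0.1 - - [11/Aug/2020:14:47:00 +0200] "POST /?cancel=1 HTTP/1.1" 302 965 -
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [info] No cookie found
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Start routing 2fregisters
[Tue Aug 11 14:47:00 2020] [LLNG:5726] [debug] Returned error: 9 (PE_FIRSTACCESS)
"""

def find_loops(text):
    """Return one finding per session-kind mismatch, with what followed it."""
    findings, open_by_pid = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # web-server access lines and blank lines
        ts, pid, _level, msg = m.groups()
        kind = MISMATCH.match(msg)
        if kind:
            f = {"ts": ts, "pid": pid, "got": kind[1], "wanted": kind[2],
                 "token_failed": False, "redirect": None,
                 "cookie_missing": False, "back_to_login": False}
            findings.append(f)
            open_by_pid[pid] = f
            continue
        f = open_by_pid.get(pid)
        if f is None:
            continue  # nothing pending for this worker
        if msg == "NO token created":
            f["token_failed"] = True
        elif msg.startswith("-> Redirect to ") and f["redirect"] is None:
            f["redirect"] = msg[len("-> Redirect to "):]
        elif msg == "No cookie found" and f["redirect"]:
            f["cookie_missing"] = True  # redirected request carried no session
        elif msg.endswith("(PE_FIRSTACCESS)") and f["cookie_missing"]:
            f["back_to_login"] = True   # user is shown the login form again
            del open_by_pid[pid]        # sequence complete

    return findings

if __name__ == "__main__":
    for finding in find_loops(SAMPLE):
        print(finding)
```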