Auth Choice Demo/OpenIDConnect: lmAuth param not present in redirect_uri url
Concerned version
Version: %2.0.9
Platform: (Apache) Authentication choice (DEMO/OpenIDConnect). LLNG is an RP.
Summary
Here is the process to reproduce the bug:
- The user displays the OpenID Connect form and clicks “connect”.
- They are redirected to the OP, where they authenticate.
- The user is then redirected to the portal, which always displays the login page and not the menu page.

It seems that the choice of authentication method is lost during the authentication process. I see in the documentation that the lmAuth param must be set, but it's not mentioned where. The redirect_uri (callback URL) generated by LLNG is http://auth.dgfip.gouv.fr/?openidconnectcallback=1, so there is no lmAuth param.
Logs
Here are the LLNG logs:
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Get configuration from cache without verification.
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [info] No cookie found
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Build URL http://auth.dgfip.gouv.fr/
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirect 192.168.56.1 to portal (url was /)
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] User not authenticated, Try in use, cancel redirection
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Start routing default route
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing restoreArgs
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing controlUrl
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Launching ::Plugins::AutoSignin::check
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Launching ::Plugins::EnsapLogin::formatParam
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing extractFormInfo
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Choice FC selected
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirecting user to OP list
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Selecting the only defined OP: op-france-connect
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenID Provider op-france-connect choosen
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Build OpenIDConnect AuthN Request
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Token 1605242916_43914 created
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenIDConnect Callback URI: http://auth.dgfip.gouv.fr/?openidconnectcallback=1
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Token 1605242916_9861 created
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenIDConnect Authorization Code Flow Authn Request: https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirect user to https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Calling autoredirect
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Building redirection to https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:38.311878 2020] [authz_core:debug] [pid 5095] mod_authz_core.c(809): [client 192.168.56.1:39018] AH01626: authorization result of Require all granted: granted
[Fri Nov 13 05:48:38.311883 2020] [authz_core:debug] [pid 5095] mod_authz_core.c(809): [client 192.168.56.1:39018] AH01626: authorization result of <RequireAny>: granted
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Get configuration from cache without verification.
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [info] No cookie found
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Build URL http://auth.dgfip.gouv.fr/?openidconnectcallback=1&session_state=xGiLwdqfurHNna5FNP3TSQNAwFN6pw2tzIICzadrv04%3D.TzNtdkVYbDVma1F0S3ZocHRKLzV2S1JLYXdkQzN4Nk9mYzVYWk9QQnVKRjRObTlCZDJTOElaUE1IbUhBMEFXeTViZk5PeTIzK3BUYml1azQrcllpaUE9PQ&state=1605242916_43914&code=445c8313c8531033b60ce98382bce6374d50629ead00d7c0823fee0f44865525
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Redirect 192.168.56.1 to portal (url was /?openidconnectcallback=1&session_state=xGiLwdqfurHNna5FNP3TSQNAwFN6pw2tzIICzadrv04%3D.TzNtdkVYbDVma1F0S3ZocHRKLzV2S1JLYXdkQzN4Nk9mYzVYWk9QQnVKRjRObTlCZDJTOElaUE1IbUhBMEFXeTViZk5PeTIzK3BUYml1azQrcllpaUE9PQ&state=1605242916_43914&code=445c8313c8531033b60ce98382bce6374d50629ead00d7c0823fee0f44865525)
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] User not authenticated, Try in use, cancel redirection
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Start routing default route
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing controlUrl
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Launching ::Plugins::AutoSignin::check
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Launching ::Plugins::EnsapLogin::formatParam
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing extractFormInfo
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Initializing Auth modules...
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Prepare token
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Token 1605171038_61458 created
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Returned error: 9 (PE_FIRSTACCESS)
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Displaying authentication choice DEMO
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Use URL #
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Display type standardform for module Demo
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Authentication choice DEMO will be displayed
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Displaying authentication choice FC
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Use URL #
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Display type logo for module OpenIDConnect
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Authentication choice FC will be displayed
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Skin returned: login
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Calling sendHtml with template login
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
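
A log check for the symptom reported above, added here as an example (it is not LemonLDAP::NG code): it scans portal debug lines, decodes the `redirect_uri` of each OpenID Connect authn request, and reports when the selected choice is absent from it or from the matching callback. It assumes, as the report does, that the choice is expected to travel in a parameter named `lmAuth`; the sample log lines, hosts and tokens are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

CHOICE_PARAM = "lmAuth"  # assumption: parameter name taken from the report

# Constructed sample in the log format shown above (hosts and tokens are made up).
SAMPLE_LOG = """\
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Choice FC selected
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenIDConnect Authorization Code Flow Authn Request: https://op.example.com/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.example.com%2F%3Fopenidconnectcallback%3D1&nonce=111_2&client_id=rp&state=111_1&scope=openid%20profile
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Build URL http://auth.example.com/?openidconnectcallback=1&state=111_1&code=abc
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Returned error: 9 (PE_FIRSTACCESS)
"""

CHOICE_RE = re.compile(r"\] Choice (\S+) selected")
AUTHN_RE = re.compile(r"Authn Request: (\S+)")
CALLBACK_RE = re.compile(r"Build URL (\S*openidconnectcallback=1\S*)")


def query(url):
    """Return the decoded query parameters of a URL as a dict of lists."""
    return parse_qs(urlsplit(url).query)


def audit(log_text, choice_param=CHOICE_PARAM):
    """List flows where the selected choice is missing from redirect_uri or callback."""
    findings = []
    choice = None   # last choice the portal logged as selected
    pending = {}    # state token -> choice in effect when the request was built
    for line in log_text.splitlines():
        if m := CHOICE_RE.search(line):
            choice = m.group(1)
        elif m := AUTHN_RE.search(line):
            q = query(m.group(1))
            redirect_uri = q.get("redirect_uri", [""])[0]
            state = q.get("state", [""])[0]
            pending[state] = choice
            carried = query(redirect_uri).get(choice_param, [None])[0]
            if choice and carried != choice:
                findings.append(
                    f"state {state}: redirect_uri {redirect_uri} lacks {choice_param}={choice}")
        elif m := CALLBACK_RE.search(line):
            q = query(m.group(1))
            state = q.get("state", [""])[0]
            if state in pending and choice_param not in q:
                findings.append(f"state {state}: callback arrived without {choice_param}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LOG)) or "choice parameter present in all flows")
```
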