Bad request returned if upgradesession process fails
Concerned version
Version: %2.0.11
Platform: All
Summary
Enable upgrade session + U2F + set a VH with authLevel 3 + DO NOT register 2F device
=> try to access VH with level 2 => redirect upgrade session => error 103 => log in => bad request
Logs
auth.example.com:80 127.0.0.1 - dwho [01/Apr/2021:13:44:22 +0200] "GET //upgradesession?url=aHR0cHM6Ly90ZXN0MS5leGFtcGxlLmNvbToxOTg3Ni8%3D HTTP/1.1" 200 7847 dwho@badwolf.org
auth.example.com:80 127.0.0.1 - - [01/Apr/2021:13:44:22 +0200] "GET /static/languages/fr.json HTTP/1.1" 200 17511 -
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Get session d08d7881ca81f55004d2c795b9a4387b9fee6780ae61ac3ce79a043244715e54 from Handler internal cache
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] No URL authentication level found...
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] auth.example.com: Apply default rule
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] removing cookie
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Cookies -> llnglanguage=fr; lemonldap=d08d7881ca81f55004d2c795b9a4387b9fee6780ae61ac3ce79a043244715e54; lemonldappdata=%7B%22targetAuthnLevel%22%3A3%7D
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] CookieName -> lemonldap
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] newCookies -> llnglanguage=fr; lemonldappdata=%7B%22targetAuthnLevel%22%3A3%7D
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] User dwho was granted to access to /upgradesession
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Start routing upgradesession
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Processing controlUrl
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Confirm parameter accepted 1
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Required URL (param: urldc | value: https://test1.example.com:19876/ | alias: https://test1.example.com)
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] No URL authentication level found...
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Processing importHandlerData
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Processing secondFactor
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Loading 2F Devices ...
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] -> 2F Device(s) found
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Looking for expired 2F device(s)...
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Looking if totp2F is available
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Looking if u2F is available
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Returned error: 103 (PE_NO_SECOND_FACTORS)
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Returned userId: dwho
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Display type standardform
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Skin returned: login
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Calling sendHtml with template login
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Starting HTML generation using /home/maudoux/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Sending /home/maudoux/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Apply following CORS policy :
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Allow-Origin
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Allow-Credentials
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] true
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Allow-Headers
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Allow-Methods
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] POST,GET
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Expose-Headers
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Access-Control-Max-Age
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] 86400
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Required urldc : https://test1.example.com:19876/
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Set CSP form-action with urldc : https://test1.example.com:19876
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://test1.example.com:19876;frame-ancestors 'none';
auth.example.com:80 127.0.0.1 - dwho [01/Apr/2021:13:44:24 +0200] "POST /upgradesession HTTP/1.1" 200 9780 dwho@badwolf.org
auth.example.com:80 127.0.0.1 - - [01/Apr/2021:13:44:24 +0200] "GET /static/languages/fr.json HTTP/1.1" 200 17511 -
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Get session d08d7881ca81f55004d2c795b9a4387b9fee6780ae61ac3ce79a043244715e54 from Handler internal cache
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] No URL authentication level found...
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] auth.example.com: Apply default rule
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] removing cookie
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Cookies -> llnglanguage=fr; lemonldap=d08d7881ca81f55004d2c795b9a4387b9fee6780ae61ac3ce79a043244715e54; lemonldappdata=%7B%22targetAuthnLevel%22%3A3%7D
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] CookieName -> lemonldap
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] newCookies -> llnglanguage=fr; lemonldappdata=%7B%22targetAuthnLevel%22%3A3%7D
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] User dwho was granted to access to /upgradesession
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Start routing upgradesession
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Processing controlUrl
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Required URL (param: urldc | value: https://test1.example.com:19876/ | alias: https://test1.example.com)
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] No URL authentication level found...
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Returned userId: dwho
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [warn] [dwho] Bad request
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] [warn] [dwho] Bad request
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [notice] Error 400: Bad request
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Apply following CORS policy :
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Allow-Origin
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Allow-Credentials
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] true
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Allow-Headers
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Allow-Methods
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] POST,GET
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Expose-Headers
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] *
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] Access-Control-Max-Age
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [debug] 86400
auth.example.com:80 127.0.0.1 - dwho [01/Apr/2021:13:44:29 +0200] "POST /upgradesession HTTP/1.1" 400 1057 dwho@badwolf.org
auth.example.com:80 127.0.0.1 - - [01/Apr/2021:13:44:29 +0200] "GET /favicon.ico HTTP/1.1" 302 2660 -
Backends used
Demo
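
Added example (not part of the original report and not LemonLDAP::NG code): a Python triage script that scans portal logs for the sequence shown above, error 103 (PE_NO_SECOND_FACTORS) during /upgradesession followed by a POST /upgradesession answered with 400 for the same user. It also decodes the url parameter and the lemonldappdata cookie so the requested destination and target level are visible. The function names are hypothetical, and the script assumes logs follow the line formats seen in this report.

```python
import base64
import json
import re
from urllib.parse import unquote

# Constructed sample: condensed subset of the log lines in the report above.
SAMPLE = '''\
auth.example.com:80 127.0.0.1 - dwho [01/Apr/2021:13:44:22 +0200] "GET //upgradesession?url=aHR0cHM6Ly90ZXN0MS5leGFtcGxlLmNvbToxOTg3Ni8%3D HTTP/1.1" 200 7847 dwho@badwolf.org
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Cookies -> llnglanguage=fr; lemonldappdata=%7B%22targetAuthnLevel%22%3A3%7D
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Returned error: 103 (PE_NO_SECOND_FACTORS)
[Thu Apr 1 13:44:24 2021] [LLNG:37621] [debug] Returned userId: dwho
[Thu Apr 1 13:44:29 2021] [LLNG:37621] [notice] Error 400: Bad request
auth.example.com:80 127.0.0.1 - dwho [01/Apr/2021:13:44:29 +0200] "POST /upgradesession HTTP/1.1" 400 1057 dwho@badwolf.org
'''

ACCESS = re.compile(r'^\S+ \S+ - (\S+) \[([^\]]+)\] "(\w+) /+(\S*) HTTP/[\d.]+" (\d{3})')

def decode_url_param(path):
    """Return the destination carried in ?url= (URL-encoded base64), or None."""
    m = re.search(r'[?&]url=([^&\s]+)', path)
    return base64.b64decode(unquote(m.group(1))).decode() if m else None

def decode_pdata(line):
    """Return the lemonldappdata cookie (URL-encoded JSON) as a dict, or {}."""
    m = re.search(r'lemonldappdata=([^;\s]+)', line)
    return json.loads(unquote(m.group(1))) if m else {}

def find_failed_upgrades(log):
    """Flag users whose upgrade hit error 103 and whose later POST got a 400."""
    findings, stuck, pending103, ctx = [], set(), False, {}
    for line in log.splitlines():
        if 'lemonldappdata=' in line:
            ctx['targetAuthnLevel'] = decode_pdata(line).get('targetAuthnLevel')
        pending103 = pending103 or 'Returned error: 103' in line
        m = re.search(r'Returned userId: (\S+)', line)
        if m and pending103:  # the userId line follows the error line
            stuck.add(m.group(1))
            pending103 = False
        a = ACCESS.match(line)
        if not a or not a.group(4).startswith('upgradesession'):
            continue
        user, when, method, path, status = a.groups()
        ctx['urldc'] = decode_url_param(path) or ctx.get('urldc')
        if method == 'POST' and status == '400' and user in stuck:
            findings.append({'user': user, 'time': when, **ctx})
    return findings

if __name__ == '__main__':
    print(find_failed_upgrades(SAMPLE))
```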