Redirection loop on portal with oidc
Concerned version
Version: 2.16.2
Platform: (Nginx)
Summary
I'm trying to upgrade from lemonldap 2.0.13-2 to lemonldap 2.16.2 with the same configuration.
Everything is working fine except one of our OIDC clients: after auth, the web browser goes into a redirect loop on the portal instead of going to the redirect URI. The web browser displays the "Redirection in progress" message and keeps reloading the page.
The other OIDC and CAS clients are OK.
jsRedirect is set to 0.
There is no error in the browser console and the issue is the same with Firefox v102 or Chrome v113.
The OS is Debian 10.13 for lemon 2.0.13-2 and Debian 12.0 for lemon 2.16.2.
The issue was the same with version 2.16.1 last week.
The log with version 2.16.2 (redirect loop) shows:
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
With version 2.0.13-2 (ok, no loop) we have:
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
Detailed logs of the two versions are below.
Logs
Logs with version 2.16.2:
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter state: b0da98665f354e8390831b792a29a492
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/auth>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirec>
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter response_mode: form_post
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store form_post in hidden key response_mode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGotRequest
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcResolveScope
May 12 12:23:10 lemon2 LLNG[131]: [debug] Resolved scopes: openid profile
May 12 12:23:10 lemon2 LLNG[131]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prom>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGenerateCode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Generated code: 671c71aae51ec30a5e68c444e5d9e46d
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Processing autoPost
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store ItjPm152IqLR7wz9/R3f9uXiFydygQZAQJKzxrPPTkw=.empOZk1lalI3Uys2eDkrbXFDK3>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store 671c71aae51ec30a5e68c444e5d9e46d in hidden key code
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
Log with version 2.0.13-2:
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter state: dae988ae12e049c3ba7768a876b99c6c
May 12 12:29:13 lemon LLNG[329]: [debug] Store dae988ae12e049c3ba7768a876b99c6c in hidden key state
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/authLy
May 12 12:29:13 lemon LLNG[329]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirect_
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter response_mode: form_post
May 12 12:29:13 lemon LLNG[329]: [debug] Store form_post in hidden key response_mode
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGotRequest
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:29:13 lemon LLNG[329]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcResolveScope
May 12 12:29:13 lemon LLNG[329]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prompt
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGenerateCode
May 12 12:29:13 lemon LLNG[329]: [debug] Generated code: 0291198f419f55353795de14235da1ee
May 12 12:29:13 lemon LLNG[329]: [debug] Delete all hidden values
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
May 12 12:29:13 lemon LLNG[329]: [debug] Building redirection to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=
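Added triage example (not part of the original report and not LemonLDAP::NG code): a small parser that reads the debug lines excerpted from the two logs above and reports, for each version, which response_mode the client requested and how the portal actually delivered the authorization response. The function name summarize and the reading that keys stored after "Processing autoPost" are the fields of the auto-submitted form are assumptions made for this example.

```python
import re

# Lines excerpted from the two debug logs in the report above.
LOG_2_16_2 = """\
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter response_mode: form_post
May 12 12:23:10 lemon2 LLNG[131]: [debug] Processing autoPost
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store 671c71aae51ec30a5e68c444e5d9e46d in hidden key code
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
"""
LOG_2_0_13 = """\
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter response_mode: form_post
May 12 12:29:13 lemon LLNG[329]: [debug] Delete all hidden values
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
"""

MSG = re.compile(r"LLNG\[\d+\]: \[\w+\] (.*)$")  # strip syslog prefix and level

def summarize(log_text):
    """Summarize how one OIDC authorization response left the portal."""
    out = {"requested_mode": None, "delivery": "unknown",
           "posted_fields": [], "renderer": None}
    autopost = False
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("OIDC request parameter response_mode: "):
            out["requested_mode"] = msg.rsplit(": ", 1)[1]
        elif msg == "Processing autoPost":
            autopost, out["delivery"] = True, "form_post"
        elif msg == "Delete all hidden values":
            out["posted_fields"] = []  # hidden store was reset
        elif autopost and (k := re.search(r"in hidden key (\w+)$", msg)):
            # Assumption: keys stored after autoPost become form fields.
            out["posted_fields"].append(k.group(1))
        elif msg.startswith("Redirect user to "):
            out["delivery"] = "query_redirect"
        elif msg == "Calling autoredirect" or msg.startswith("Calling sendHtml"):
            out["renderer"] = msg[len("Calling "):]
    # True when form_post was requested but the response went out another way.
    out["mismatch"] = (out["requested_mode"] == "form_post"
                       and out["delivery"] != "form_post")
    return out

if __name__ == "__main__":
    for name, log in (("2.16.2", LOG_2_16_2), ("2.0.13-2", LOG_2_0_13)):
        print(name, summarize(log))
```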