Infinite redirection loop for CDA
Concerned version
Version: %2.0.6
Platform: (Nginx)
Summary
When trying to set CDA I run into an infinite redirection loop. The CDA URL parameter does not seems to be detected.
- CDA is correctly activated in lemonLDAP's json configuration.
- Aliases are setted in lemonLDAP's json configuration.
- Cookie forward directives are setted in nginx configuration.
You can try it here: https://flap-demo.duckdns.org with user lemon
and password lemonLDAP
by going to https://flap-demo2.duckdns.org
Logs
Here are the log I get from nginx and lemonLDAP:
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Build URL https://flap-demo2.duckdns.org/
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Redirect 88.181.226.50 to portal (url was /)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Get session bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e from Handler internal cache
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] auth.flap-demo.duckdns.org: Apply default rule
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] removing cookie
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Cookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en; flap-sso=bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] CookieName -> flap-sso
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] newCookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en;
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] User lemon was granted to access to /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw==
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Build URL https://flap-demo2.duckdns.org/?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Redirect 88.181.226.50 to portal (url was /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
...