search

OpenIDC / mod_auth_openidc

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
Apache License 2.0
990 stars 327 forks source link

weird error message "validation failure (%ld):" #79

Closed x12a1f closed 9 years ago

x12a1f commented 9 years ago

I get the following error message:

oidc_proto_validate_iat: "iat" validation failure (%ld): JWT was issued more than 1146462928 seconds in the future

which does not seem right. After looking at https://github.com/pingidentity/mod_auth_openidc/blob/master/src/proto.c#L397 it seems %ld is not recognized as a place holder.

I've installed the libapache2-mod-auth-openidc_1.6.0-1_amd64.deb version on Debian 8.1

zandbelt commented 9 years ago

there was a similar issue here: https://github.com/pingidentity/mod_auth_openidc/issues/73

but I believe that the calculation is still correct and the sender and receiver are out of sync wrt. time settings. Can you check that?

x12a1f commented 9 years ago

Yes, I suspect there is a timing issue. But I opened this issue because there is a bug in the error message. It shows "%ld" in the error message instead of the value for jwt->payload.iat

zandbelt commented 9 years ago

yes, it seems to be an issue with the print modifier detection that libjansson offers; it doesn't seem to work very well on some platforms; I'll take a look if I can work around it

zandbelt commented 9 years ago

sure, if you turn up the LogLevel it should show in the debug logs