appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
34.52k stars 3.73k forks

[Bug]: If the first login method fails, then when the user tries to log in with the second login method the server goes down #19231

Open RakshaKShetty opened 1 year ago

RakshaKShetty commented 1 year ago

Is there an existing issue for this?

Description

If the first login method fails, then when the user tries to log in with the second login method the server goes down: https://ca9sxzlrgy.vmaker.com/record/MTvPotKAHK34jQZR

Steps To Reproduce

  1. Set up both OIDC and SAML login.
  2. First log in with SAML; the user is logged in successfully.
  3. Now try to log in with OIDC; the login fails.
  4. Now try to log in with SAML again; the server goes down.
  5. A 503 error is displayed.

Public Sample App

No response

Issue video log

No response

Version

localhost

sharat87 commented 1 year ago

Okay, a few things failed together here.

  1. The JWK Set URL for OIDC on this server is incorrect. It should end in /keys, not /key.
  2. After this failed OIDC attempt, the SESSION cookie is not removed. It sticks around. This cookie is what appears to be confusing Keycloak, and it doesn't know how to proceed.

Check the video for full details.

https://user-images.githubusercontent.com/120119/209755910-e8030fe1-1dbb-438e-a8ec-4e02951ee258.mp4
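The two findings in the comment above, a mistyped JWK Set URL and a SESSION cookie that outlives a failed login, can both be checked from outside the server. The script below is an added example, not Appsmith's code and not taken from the comment; the discovery document, JWK Set bodies, Set-Cookie headers, host name and cookie name are all constructed assumptions, with the JWK Set path chosen to end in /keys so that the /key typo the comment describes is the thing it catches.

```python
"""Checks for the failure modes named in the comment: a JWK Set URL that does
not match the IdP's discovery document (or serves something that is not a
JWK Set), and a SESSION cookie that a failed login response leaves in place.
Added example, not Appsmith code; every URL, header and document is constructed."""
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed OIDC discovery document (what an IdP serves at
# /.well-known/openid-configuration), reduced to the field we need.
DISCOVERY_DOC = json.dumps({
    "issuer": "https://idp.example.com/oauth2/v1",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
})
# Constructed bodies: a real JWK Set, and what a mistyped path typically returns.
GOOD_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "k1", "use": "sig", "alg": "RS256", "n": "AQAB", "e": "AQAB"},
]})
NOT_A_JWKS = json.dumps({"error": "not_found"})


def jwks_url_matches_discovery(configured_url, discovery_json):
    """Compare the JWK Set URL typed into the admin UI with jwks_uri from the
    IdP's discovery document; a typo such as /key for /keys fails here."""
    expected = json.loads(discovery_json)["jwks_uri"]
    return configured_url.rstrip("/") == expected.rstrip("/")


def jwks_key_ids(body):
    """Parse a JWK Set body and return its key IDs. Raises ValueError when the
    body is not a JWK Set (e.g. an error document from a wrong URL). 'kid' is
    required here because a token verifier selects the signing key by it."""
    doc = json.loads(body)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError("JWK Set must be a JSON object with a non-empty 'keys' array")
    kids = []
    for key in keys:
        if not isinstance(key, dict) or "kty" not in key or "kid" not in key:
            raise ValueError("each JWK needs at least 'kty' and 'kid'")
        kids.append(key["kid"])
    return kids


def _parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def session_cookie_cleared(set_cookie_headers, name="SESSION"):
    """True if the response invalidates the named cookie, i.e. sets it with
    Max-Age=0 or an Expires date in the past. A response that sets nothing
    leaves the browser holding the old session, the stale state the comment
    describes."""
    for header in set_cookie_headers:
        cookie_name, _value, attrs = _parse_set_cookie(header)
        if cookie_name != name:
            continue
        if attrs.get("max-age") == "0":
            return True
        expires = attrs.get("expires")
        if expires:
            try:
                when = parsedate_to_datetime(expires)
            except (TypeError, ValueError):
                continue
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            if when <= datetime.now(timezone.utc):
                return True
    return False


# Constructed responses to a failed OIDC callback: the first touches no session
# cookie at all, the second explicitly expires it.
FAILED_LOGIN_NO_CLEANUP = ["XSRF-TOKEN=abc; Path=/; SameSite=Lax"]
FAILED_LOGIN_WITH_CLEANUP = [
    "XSRF-TOKEN=abc; Path=/; SameSite=Lax",
    "SESSION=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; HttpOnly",
]

if __name__ == "__main__":
    typo = "https://idp.example.com/oauth2/v1/key"
    print("JWK URL matches discovery:", jwks_url_matches_discovery(typo, DISCOVERY_DOC))
    print("key ids:", jwks_key_ids(GOOD_JWKS))
    print("session cleared (no cleanup):", session_cookie_cleared(FAILED_LOGIN_NO_CLEANUP))
    print("session cleared (with cleanup):", session_cookie_cleared(FAILED_LOGIN_WITH_CLEANUP))
```

Run it against a live deployment by replacing the constructed values with the IdP's real discovery document, the body fetched from the configured JWK Set URL, and the Set-Cookie headers captured from the failed login response (for example from the browser's network tab). A result of False from session_cookie_cleared after a failed attempt is the condition that, per the comment, leaves the next SAML login with a cookie the server cannot reconcile.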

sharat87 commented 1 year ago

On further tests, though, it looks like a SAML-only issue. I can reproduce this by just logging in with SAML, logging out, and trying to log in with SAML again, and I see this error.