search

clowder-framework / clowder

A data management system that allows users to share, annotate, organize and analyze large collections of datasets. It provides support for extensible metadata annotation using JSON-LD and a distribute analytics event bus for automatic curation of uploaded data.
https://clowderframework.org/
University of Illinois/NCSA Open Source License
33 stars 17 forks source link

TLS SNI not working with OpenID #271

Open vs49688 opened 2 years ago

vs49688 commented 2 years ago

Describe the bug

See "An error occurred while logging you in. Please try again." when attempting to log in via OIDC.

When securesocial is configured with:

securesocial.ssl=true
securesocial.cilogon.authorizationUrl="https://keycloak.sanitized.com/auth/realms/dev/protocol/openid-connect/auth"
securesocial.cilogon.accessTokenUrl="https://keycloak.sanitized.com/auth/realms/dev/protocol/openid-connect/token"
securesocial.cilogon.userinfoUrl="https://keycloak.sanitized.com/auth/realms/dev/protocol/openid-connect/userinfo"

The server_name TLS extension (SNI) isn't sent, so the upstream server doesn't know which host/certificate to serve.

From the logs below:

Logs (with -Djavax.net.debug=all):

javax.net.ssl|WARNING|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.910 UTC|ServerNameExtension.java:261|Unable to indicate server name
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.913 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.914 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: status_request
javax.net.ssl|WARNING|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.921 UTC|SignatureScheme.java:297|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.921 UTC|SignatureScheme.java:297|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|ALL|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.934 UTC|SignatureScheme.java:373|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.934 UTC|SignatureScheme.java:373|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.937 UTC|SignatureScheme.java:393|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.938 UTC|AlpnExtension.java:161|No available application protocols
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.940 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.941 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: status_request_v2
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.942 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|FINE|0B|play-akka.actor.default-dispatcher-3|2021-09-13 08:00:24.945 UTC|ClientHello.java:575|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "01 76 27 93 B4 68 CD 24 45 61 B7 1C 15 DB 8E 5A AC 1E 8D 07 B0 58 84 3B 6B 32 1E 8B 32 47 E7 DE",
  "session id"          : "",
  "cipher suites"       : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.2]
    }
  ]
}
)

---snip---

javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.975 UTC|SSLExtensions.java:173|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.975 UTC|ServerHello.java:960|Negotiated protocol version: TLSv1.2
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.979 UTC|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:173|Ignore unavailable extension: server_name
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.980 UTC|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.982 UTC|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|ALL|22|New I/O worker #5|2021-09-13 08:00:24.985 UTC|SSLSessionImpl.java:216|Session initialized:  Session(1631520024985|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.986 UTC|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:24.986 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length

---snip---

javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:25.002 UTC|SSLEngineInputRecord.java:214|READ: TLSv1.2 handshake, length = 894
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:25.006 UTC|CertificateMessage.java:366|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "00 C0 2E 2E B0 A5 C5 91 22 F6 18 13 7E 9A ED 57 81",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co",
    "not before"         : "2021-08-31 15:42:41.000 UTC",
    "not  after"         : "2022-08-31 15:42:41.000 UTC",
    "subject"            : "CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: ingress.local
        ]
      }
    ]}
]
)
javax.net.ssl|SEVERE|22|New I/O worker #5|2021-09-13 08:00:25.102 UTC|TransportContext.java:316|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
        at sun.security.validator.Validator.validate(Validator.java:271)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:955)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:902)
        at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1365)
        at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExecutor.java:31)
        at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1362)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1249)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
        ... 36 more}

)
javax.net.ssl|ALL|22|New I/O worker #5|2021-09-13 08:00:25.104 UTC|SSLSessionImpl.java:823|Invalidated session:  Session(1631520024837|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ALL|22|New I/O worker #5|2021-09-13 08:00:25.104 UTC|SSLSessionImpl.java:823|Invalidated session:  Session(1631520024985|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
javax.net.ssl|WARNING|22|New I/O worker #5|2021-09-13 08:00:25.117 UTC|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:25.118 UTC|SSLEngineOutputRecord.java:505|WRITE: TLS12 alert, length = 2
javax.net.ssl|FINE|22|New I/O worker #5|2021-09-13 08:00:25.119 UTC|SSLEngineOutputRecord.java:523|Raw write (
  0000: 15 03 03 00 02 02 2E                               .......
)
2021-09-13 08:00:25,130 - [ERROR  ] - application - [securesocial] error trying to get an access token for provider cilogon
java.net.ConnectException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target to https://keycloak.dev.rcc-k8s.cloud.edu.au/auth/realms/dev/protocol/openid-connect/token
        at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[com.ning.async-http-client-1.7.18.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[io.netty.netty-3.7.1.Final.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413) ~[io.netty.netty-3.7.1.Final.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[io.netty.netty-3.7.1.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417) ~[io.netty.netty-3.7.1.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) ~[io.netty.netty-3.7.1.Final.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_292]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_292]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_292]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_292]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:1.8.0_292]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:1.8.0_292]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456) ~[na:1.8.0_292]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[na:1.8.0_292]
        at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_292]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) ~[na:1.8.0_292]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278) ~[na:1.8.0_292]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141) ~[na:1.8.0_292]
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_292]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_292]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_292]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451) ~[na:1.8.0_292]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[na:1.8.0_292]
        at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_292]
2021-09-13 08:00:25,133 - [ERROR  ] - application - Unable to log user in. An exception was thrown
securesocial.core.AuthenticationException: null
        at securesocial.core.OAuth2Provider.securesocial$core$OAuth2Provider$$getAccessToken(OAuth2Provider.scala:67) ~[ws.securesocial.securesocial_2.10-2.1.4.jar:2.1.4]
        at securesocial.core.OAuth2Provider$$anonfun$3$$anonfun$apply$5$$anonfun$apply$8.apply(OAuth2Provider.scala:106) ~[ws.securesocial.securesocial_2.10-2.1.4.jar:2.1.4]
        at securesocial.core.OAuth2Provider$$anonfun$3$$anonfun$apply$5$$anonfun$apply$8.apply(OAuth2Provider.scala:104) ~[ws.securesocial.securesocial_2.10-2.1.4.jar:2.1.4]
        at scala.Option$WithFilter.map(Option.scala:206) ~[org.scala-lang.scala-library-2.10.4.jar:na]
        at securesocial.core.OAuth2Provider$$anonfun$3$$anonfun$apply$5.apply(OAuth2Provider.scala:104) ~[ws.securesocial.securesocial_2.10-2.1.4.jar:2.1.4]
        at securesocial.core.OAuth2Provider$$anonfun$3$$anonfun$apply$5.apply(OAuth2Provider.scala:103) ~[ws.securesocial.securesocial_2.10-2.1.4.jar:2.1.4]

To Reproduce Steps to reproduce the behavior:

  1. Configure securesocial as above.
  2. Attempt to login with OpenID

Expected behavior

Successful redirection back to Clowder.

Screenshots clowderlog

Desktop (please complete the following information):

vs49688 commented 2 years ago

@hoangnguyen177 see this