dominik-th / matomo-plugin-LoginOIDC

external authentication services for matomo
https://plugins.matomo.org/LoginOIDC/
GNU General Public License v3.0

Matomo 4.12.3 + OIDC - 403 timeout when not logged in #81

Open scott-amgen opened 1 year ago

scott-amgen commented 1 year ago

On the latest Matomo 4.12.3 official Docker image and the latest LoginOIDC v4.1.2.

When users attempt to visit the site while not logged in: EXAMPLE.COM/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#?period=day&date=yesterday&category=Dashboard_Dashboard&subcategory=1

They will be greeted with a 403 page.

[image: error]

If a user IS logged in, then they will arrive at the page successfully.

I've confirmed that this only happens when the plugin LoginOIDC is enabled. When the plugin is disabled, the usual login prompt is shown:

[image: login]

dominik-th commented 1 year ago

Hi @scott-amgen thanks for your bug report!

Unfortunately, I am unable to reproduce this issue, neither on my prod nor on my dev instance. Can you provide me the steps to reproduce it on a fresh installation?

When users attempt to visit the site while not logged in: EXAMPLE.COM/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#?period=day&date=yesterday&category=Dashboard_Dashboard&subcategory=1

This is what I see when trying to access a protected page:

[image: Screen Shot 2022-11-27 at 17 31 31]

scott-amgen commented 1 year ago

@dominik-th Happy holidays! Thanks for the quick response in testing, much appreciated!

These are the steps I used:

Here's a simplified version of the Ansible tasks that I used, and the configs related to LoginOIDC plugin. https://gist.github.com/scott-amgen/4ee4d921cb757c86b2f14d4c9c2f13f2

scott-amgen commented 1 year ago

@dominik-th Regarding your test, was it done on Docker as well? Or was it directly on the web server?

The image I used is from the official https://hub.docker.com/_/matomo/tags: docker pull matomo:4.12.3