goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Mismatched Session ID, Error 400 #12008

Closed MFYDev closed 1 week ago

MFYDev commented 1 week ago

Describe the bug

Just did a fresh new install of 2024.10.1 on my VPS and set the forward auth for my own domain, combined with my nginx proxy manager.

Simply copy and change the authentik URL in the config to the nginx proxy manager, and everything works before you actually log in to the path. After you log in, you will get a 400 error, and then the docker log shows a mismatched session ID, which makes the forward auth not work.

To Reproduce

Steps to reproduce the behavior:

Follow the step above.

Expected behavior

I should be able to successfully log in.


Logs

INF | auth_via=session domain_url=sso.domain event=/api/v3/flows/executor/default-provider-authorization-implicit-consent/?query=client_id%3Dd2JJduzdfz8YQDdraDedDeuyzZsq0wKE7kUSkoUR%26redirect_uri%3Dhttps%253A%252F%252Ffanyangmeng.blog%252Foutpost.goauthentik.io%252Fcallback%253FX-authentik-auth-callback%253Dtrue%26response_type%3Dcode%26scope%3Dak_proxy%2Bemail%2Bprofile%2Bopenid%26state%3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnb2F1dGhlbnRpay5pby9vdXRwb3N0L2QySkpkdXpkZno4WVFEZHJhRGVkRGV1eXpac3Ewd0tFN2tVU2tvVVIiLCJzaWQiOiJTM0tYRUZMUTUyMlpYU1ZJTTUzRE01TDVITVFLQ1lSNERENVo1MlVGNUQ2NUs1RU5MTExBIiwic3RhdGUiOiJ1ekc0czlWQ0tCY1NUWUxiblBiV0ZqWjN6QUYxLV9iUEs0RkJ4a1NfbG1jIiwicmVkaXJlY3QiOiJodHRwczovL2ZhbnlhbmdtZW5nLmJsb2cvZ2hvc3QifQ.1wLXmHNaxsETXp0sYxYqmJsqyltejz12iWkZjyp_AZE host=sso.domain logger=authentik.asgi method=GET pid=84 remote=38.45.71.239 request_id=aa2e798a7b044a12bd269b7d24152896 runtime=266 schema_name=public scheme=https status=200 timestamp=2024-11-13T05:00:03.687673 user=fanyangmeng user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0 
INF | auth_via=session domain_url=sso.domain event=/api/v3/core/brands/current/ host=sso.domainlogger=authentik.asgi method=GET pid=84 remote=38.45.71.239 request_id=e0bf028776a044bbb7e615005659d49f runtime=83 schema_name=public scheme=https status=200 timestamp=2024-11-13T05:00:03.713208 user=fanyangmeng user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0 
warning | event=mismatched session ID is=S3KXEFLQ522ZXSVIM53DM5L5HMQKCYR4DD5Z52UF5D65K5ENLLLA logger=authentik.outpost.proxyv2.application name=Ghost should=MG4HGJLMNESB2EUFHLBJWSWDLUZ3U4DSGXAZLLG5MKFVRWQXF7UUNGSIQZURNBED7RWDGUNYVBVZX22B6IJ464GOD2OEQXGBBK3M7JA timestamp=2024-11-13T05:00:03Z 
warning | event=invalid state logger=authentik.outpost.proxyv2.application name=Ghost timestamp=2024-11-13T05:00:03Z 
warning | event=mismatched session ID is=S3KXEFLQ522ZXSVIM53DM5L5HMQKCYR4DD5Z52UF5D65K5ENLLLA logger=authentik.outpost.proxyv2.application name=Ghost should=MG4HGJLMNESB2EUFHLBJWSWDLUZ3U4DSGXAZLLG5MKFVRWQXF7UUNGSIQZURNBED7RWDGUNYVBVZX22B6IJ464GOD2OEQXGBBK3M7JA timestamp=2024-11-13T05:00:03Z 
INF | event=/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=6acd99117ea8404cb743fb13fc37e179&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnb2F1dGhlbnRpay5pby9vdXRwb3N0L2QySkpkdXpkZno4WVFEZHJhRGVkRGV1eXpac3Ewd0tFN2tVU2tvVVIiLCJzaWQiOiJTM0tYRUZMUTUyMlpYU1ZJTTUzRE01TDVITVFLQ1lSNERENVo1MlVGNUQ2NUs1RU5MTExBIiwic3RhdGUiOiJ1ekc0czlWQ0tCY1NUWUxiblBiV0ZqWjN6QUYxLV9iUEs0RkJ4a1NfbG1jIiwicmVkaXJlY3QiOiJodHRwczovL2ZhbnlhbmdtZW5nLmJsb2cvZ2hvc3QifQ.1wLXmHNaxsETXp0sYxYqmJsqyltejz12iWkZjyp_AZE host=fanyangmeng.blog logger=authentik.outpost.proxyv2.application method=GET name=Ghost remote=38.45.71.239:58540 runtime=0.754 scheme=http size=0 status=400 timestamp=2024-11-13T05:00:03Z user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0 

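A triage helper for log lines shaped like the ones in this report, added here as an example (it is not authentik's code and not part of the original post): it decodes the `state` token from the outpost callback without verifying its signature and pairs the token's `sid` claim with the `is=`/`should=` values of the "mismatched session ID" warning, alongside the logged request scheme and the scheme of the token's `redirect` claim. The function names and the sample lines are constructed for illustration.

```python
import base64, json, re
from urllib.parse import urlsplit, parse_qs

FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_fields(line):
    """Split a key=value log line; values may contain spaces."""
    return dict(FIELD.findall(line))

def state_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def triage(lines):
    """One finding per callback; assumes the warning's is= carries the token's sid."""
    records = [parse_fields(line) for line in lines]
    expected = {r["is"]: r["should"] for r in records if r.get("event") == "mismatched session ID"}
    findings = []
    for r in records:
        event = r.get("event", "")
        if not event.startswith("/outpost.goauthentik.io/callback"):
            continue
        claims = state_claims(parse_qs(urlsplit(event).query)["state"][0])
        findings.append({
            "status": r.get("status"),
            "token_sid": claims["sid"],
            "expected_sid": expected.get(claims["sid"]),  # should= of the paired warning
            "request_scheme": r.get("scheme"),
            "redirect_scheme": urlsplit(claims["redirect"]).scheme,
        })
    return findings

def sample_lines():
    """Constructed log lines in the shape of the ones above (all values made up)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([b64({"alg": "HS256", "typ": "JWT"}),
                      b64({"sid": "SIDAAAA", "redirect": "https://app.example/ghost"}),
                      "constructed-signature"])
    return [
        "warning | event=mismatched session ID is=SIDAAAA name=Ghost "
        "should=SIDBBBB timestamp=2024-01-01T00:00:00Z",
        "INF | event=/outpost.goauthentik.io/callback?X-authentik-auth-callback=true"
        f"&code=abc&state={token} host=app.example method=GET scheme=http "
        "status=400 user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    ]

if __name__ == "__main__":
    print(triage(sample_lines()))
```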

MFYDev commented 1 week ago

Setting's issue

hot22shot commented 5 days ago

Hi, I have the same issue, do you mind sharing what your setting issue was?