mesosphere / traefik-forward-auth


"groups session data is missing, re-authenticating" after adding groups to session #25

Closed brokenjacobs closed 4 years ago

brokenjacobs commented 4 years ago

Trying the v2 codebase since I push group claims from my IDP. And here is what happens on every auth request:

ime="2020-03-19T22:36:49Z" level=info msg="creating group claims session with groups: [WebApps.LCS.Access.User.Group K8S.LCS.Admin.User.Group]" source_ip=10.203.53.248
time="2020-03-19T22:36:49Z" level=info msg="groups session data is missing, re-authenticating" source_ip=10.203.53.248

I can verify the forward_auth_claims cookie is being set and sent in the browser, and I even tried renaming it, and it goes back and forth with the corrected name.

It seems like it is decoding the cookie into the session but getting a null value. I'm not sure how that is happening. Any clues?

brokenjacobs commented 4 years ago

Turning up debug: I see the cookie in: level=debug msg="Handling callback" headers="....

But not in: level=debug msg="Authenticate request" headers="

brokenjacobs commented 4 years ago

Save the session: https://github.com/mesosphere/traefik-forward-auth/blob/370a655a9fe24323de1e05f348de16213598f319/internal/server.go#L318

Implementation: https://github.com/mesosphere/traefik-forward-auth/blob/370a655a9fe24323de1e05f348de16213598f319/internal/server_test.go#L54

So... guessing this all doesn't work yet?

brokenjacobs commented 4 years ago

ping?

geiseri commented 4 years ago

this seems like what I am seeing on #23

brokenjacobs commented 4 years ago

looks like this shouldn't be a 'release' as the implementation is incomplete.

jr0d commented 4 years ago

@brokenjacobs Sorry, I've been away from this for a while. Group sessions do work, though they require a SESSION_KEY to be set. We were not checking properly that the SESSION_KEY existed before setting up the group claims session, resulting in this behavior.
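
An added illustration of the missing check described in the comment above (not code from traefik-forward-auth or from any commenter): a cookie signer that refuses to start without a SESSION_KEY and returns an error, rather than an empty group list, for a cookie it cannot verify. The HMAC cookie format, the 32-byte minimum and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// newSigner fails closed when SESSION_KEY is unset or short. hmac.New accepts
// an empty key without error, so nothing else would catch the misconfiguration.
func newSigner(sessionKey string) (func(string) []byte, error) {
	if len(sessionKey) < 32 { // assumed minimum, not the project's documented rule
		return nil, fmt.Errorf("SESSION_KEY must be at least 32 bytes, got %d", len(sessionKey))
	}
	return func(msg string) []byte {
		m := hmac.New(sha256.New, []byte(sessionKey))
		m.Write([]byte(msg))
		return m.Sum(nil)
	}, nil
}

// encodeGroups builds the cookie value "<base64 groups>.<base64 MAC>".
func encodeGroups(sign func(string) []byte, groups []string) string {
	payload := b64.EncodeToString([]byte(strings.Join(groups, "\n")))
	return payload + "." + b64.EncodeToString(sign(payload))
}

// decodeGroups returns an error, never an empty group list, for a bad cookie.
func decodeGroups(sign func(string) []byte, cookie string) ([]string, error) {
	payload, mac, ok := strings.Cut(cookie, ".")
	got, err := b64.DecodeString(mac)
	if !ok || err != nil || !hmac.Equal(got, sign(payload)) {
		return nil, errors.New("groups cookie failed verification")
	}
	raw, err := b64.DecodeString(payload)
	if err != nil {
		return nil, err
	}
	return strings.Split(string(raw), "\n"), nil
}

func main() {
	_, err := newSigner("") // constructed case: SESSION_KEY unset
	fmt.Println("startup refused:", err)
}
```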

brokenjacobs commented 3 years ago

I hadn't checked back in but it looks like this has been resolved now? Yay!

brokenjacobs commented 3 years ago

nope. added a SESSION_KEY setting 32 characters long, and it is still not working. Same error messages, on 2.0.5.