mesosphere / traefik-forward-auth

218 stars 47 forks source link

Failed to log in with Okta - "crypto/aes: invalid key size 0" #62

Closed r2ronoha closed 2 years ago

r2ronoha commented 2 years ago

When logging in with Okta, after successful authentication, the redirection fails with Bad Gateway error. Looking in the logs, I'm getting crypto/aes: invalid key size 0

time="2022-03-15T08:10:27Z" level=debug msg="Authenticate request" headers="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en;q=0.9] Cookie:[_forward_auth_csrf=6f42d93949a95e275286771e2cd067d5] Sec-Ch-Ua:[\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"98\", \"Google Chrome\";v=\"98\"] Sec-Ch-Ua-Mobile:[?0] Sec-Ch-Ua-Platform:[\"macOS\"] Sec-Fetch-Dest:[document] Sec-Fetch-Mode:[navigate] Sec-Fetch-Site:[none] Sec-Fetch-User:[?1] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36] X-Forwarded-For:[10.42.0.5] X-Forwarded-Host:[<my_url_redacted>] X-Forwarded-Method:[GET] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Forwarded-Server:[traefik-6f794bf4f7-v42ch] X-Forwarded-Uri:[/] X-Real-Ip:[10.42.0.5]]" rule=default source_ip=10.42.0.5
time="2022-03-15T08:10:27Z" level=debug msg="sending CSRF cookie and a redirect to OIDC login" source_ip=10.42.0.5
time="2022-03-15T08:10:27Z" level=error msg="error clearing session: error setting session options: securecookie: error - caused by: crypto/aes: invalid key size 0" source_ip=10.42.0.5
time="2022-03-15T08:11:41Z" level=debug msg="Handling callback" headers="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en;q=0.9] Cookie:[_forward_auth_csrf=6a29fff6d82c4d541ed94495f1b60f42] Sec-Ch-Ua:[\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"98\", \"Google Chrome\";v=\"98\"] Sec-Ch-Ua-Mobile:[?0] Sec-Ch-Ua-Platform:[\"macOS\"] Sec-Fetch-Dest:[document] Sec-Fetch-Mode:[navigate] Sec-Fetch-Site:[cross-site] Sec-Fetch-User:[?1] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36] X-Forwarded-For:[10.42.0.5] X-Forwarded-Host:[<my_url_redacted>] X-Forwarded-Method:[GET] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Forwarded-Server:[traefik-6f794bf4f7-v42ch] X-Forwarded-Uri:[/oauth2/callback?code=x_bHj4Kh5p2y-CFmU-ZNvYRKgtVLhx__Y3HRshgDizM&state=6a29fff6d82c4d541ed94495f1b60f42%3Ahttps%3A%2F%2F<my_url_redacted>%2F] X-Real-Ip:[10.42.0.5]]" rule=default source_ip=10.42.0.5
time="2022-03-15T08:11:42Z" level=error msg="error generating secure session cookie: securecookie: error - caused by: crypto/aes: invalid key size 0" source_ip=10.42.0.5

Is this something configurable?

r2ronoha commented 2 years ago

I was missing the ENCRYPTION_KEY env var