Open asjongers opened 5 years ago
Hello @asjongers!
This is a really great comment, and it seems you've fixed the issue with the request to the redirect_uri_path, but there's no session state found after redirect.
I've been using Kong as part of a Docker setup and added that environment variable without adding session_secret to the plugin. But whenever I add both, I get a Kong error 500.
Can you please give more detailed information on how you fixed the issue?
Some information about my setup:
// docker-compose.yml env variable
- KONG_NGINX_PROXY_SET="$$session_secret perfect_s3cr3+"
kong version: 0.13.0
plugin version: current master installed with luarocks install kong-oidc
If you would be able to give some more information or any clue to the issue, that would be great! 🙏
Thank you
Hi @z-aliakseyeu.
In our case, we stopped using config.session_secret as it would just end up overriding the one already set but if you really do need to set one, make sure you provide a properly base64 encoded secret or your service will probably end up sending a 500 response because of this if clause:
    if config.session_secret then
      local decoded_session_secret = ngx.decode_base64(config.session_secret)
      if not decoded_session_secret then
        utils.exit(500, "invalid OIDC plugin configuration, session secret could not be decoded", ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR))
      end
      ngx.var.session_secret = decoded_session_secret
    end
If it's not already the case, try setting config.session_secret to a proper base64 encoded secret and see if it works! You could use this website to generate one.
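Added example, not part of the thread or of the plugin's code: a pre-deployment check in Python that approximates the decode test in the clause above (standard base64 alphabet, optional padding) and generates a secret locally instead of on a website. The function names and the 32-byte default are assumptions; the first sample input is the string from the compose line earlier in the thread.

```python
import base64
import secrets
import string

# Standard base64 alphabet (RFC 4648, not the URL-safe variant).
_B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")


def session_secret_problem(value):
    """Return None if value should base64-decode, else a reason string.

    Assumption: approximates a strict standard-alphabet decode such as the
    ngx.decode_base64 call in the clause above; it is not nginx's own code.
    """
    if not value:
        return "empty value"
    body = value.rstrip("=")
    if len(value) - len(body) > 2:
        return "more than two '=' padding characters"
    bad = sorted({c for c in body if c not in _B64_ALPHABET})
    if bad:
        return "characters outside the base64 alphabet: " + "".join(bad)
    if len(body) % 4 == 1:
        return "length cannot correspond to whole bytes"
    return None


def decode_session_secret(value):
    """Decode a value that passed the check; raises ValueError otherwise."""
    problem = session_secret_problem(value)
    if problem:
        raise ValueError(problem)
    body = value.rstrip("=")
    # Re-pad so unpadded but otherwise valid input still decodes.
    return base64.b64decode(body + "=" * (-len(body) % 4), validate=True)


def generate_session_secret(nbytes=32):
    """Base64-encode nbytes from the OS CSPRNG (32 is an assumed default)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


if __name__ == "__main__":
    # Sample inputs: the string from the compose line, and a fresh secret.
    for candidate in ("perfect_s3cr3+", generate_session_secret()):
        print(repr(candidate), "->", session_secret_problem(candidate) or "ok")
```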
Hi,
Setting config.session_secret (even to a correct base64 encoded value) breaks the plugin if the $session_secret variable has not been set on Kong. The problem disappears if you set it first on Kong (I use it in a docker environment where you can set it with the following ENV variable KONG_NGINX_PROXY_SET: "$$session_secret <yoursecret>") but then I'm not sure why you would set it through the plugin in the first place.
Couldn't that whole feature be dropped and a recommendation to set a session_secret in your Kong configuration be added in the documentation?
As a side-note, we encountered that problem when trying to fix an issue where loading static files for Kibana behind Kong would fail, thus leading us to #78 and after some more research to #1 where we discovered that setting session_secret properly on Kong itself would solve all our issues.
Thanks.