Closed zandbelt closed 4 years ago
for the record rp-frontchannel-rpinitlogout
exposes the same behavior
404 Not Found
Nothing matches the given URI
rp-test_1 | 172.24.0.1 - - [02/Oct/2019:18:13:45] "GET /mod_auth_openidc-code/rp-frontchannel-rpinitlogout/end_session?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJQdDlLQ2hOclRrb1MiXSwgImV4cCI6IDE1NzAxMjY0MDMsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MDA0MDAwMywgImF1dGhfdGltZSI6IDE1NzAwNDAwMDMsICJub25jZSI6ICI3b1hxUTQ4RldPZmtlMmVTX3A2OS1SNEpyRGpOUTlFRW1wbnI5Z1JTV3M0In0.kLfHIPcNSs05w9yUfoYYQC9BIFXaZcIKxBDURtscAcOALJiPscw7fhV09XZXwiwpJtuj9V8zK1jenOoRj63xZxOFf5LXLRpIyOmfrfElh2O1crxCdfRNs9XcypyyBTJSnA7QJ3KCst19ws5CwWdwSU-7sCckGe8qVaFrO0l6UBZxPwQgz28vSNf9s9RQfwj9ktc8P6qWy61Resr94P0HqXqPfacYk_UkaDO1X3VMPWmnY88aY9NroFyXhWcYUXkZ0Yl66vP2e-xXofSzGH5bMyD6YWg07o6felWVJD9pa2MfsAfNCrANobATeVKGLmdgV_tocSmQPF6_k8Vt3ur_8Q&post_logout_redirect_uri=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html HTTP/1.1" 302 2353 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" rp-test_1 | 172.24.0.1 - - [02/Oct/2019:18:13:45] "GET /mod_auth_openidc-code/rp-frontchannel-rpinitlogout/?sjwt=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAiaWF0IjogMTU3MDA0MDAyNSwgImV4cCI6IDE1NzAxMjY0MjUsICJraWQiOiAiWFhPbnVGQVR5Y0c5a2JCUGVmOHJkQW5JVWF2NVJCZUU0VlZEcmtCeENtUSIsICJhdWQiOiBbImh0dHBzOi8vcnAtdGVzdDo4MDgwL21vZF9hdXRoX29wZW5pZGMtY29kZS9ycC1mcm9udGNoYW5uZWwtcnBpbml0bG9nb3V0Il0sICJ1aWQiOiAiZGlhbmEiLCAiY2xpZW50X2lkIjogIlB0OUtDaE5yVGtvUyIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9sb2NhbGhvc3Quem1hcnR6b25lLmV1L2xvZ2dlZG91dC5odG1sIiwgInNpZCI6ICI0YzJlMDU3MWFkZWEzOWZkMTc4NDFjZjkxNDg5N2Q1M2NiMTRjM2ZiZTI4NDc2MzVlMWZlMjc3OSIsICJqdGkiOiAiOWQ5YTU0OWU2YTQyNDY5OGI0NWEzYjZiYThlYThmNmMifQ.XlZALNfSWkN-h_6D5atflOYu6qdr7746JJ6R2aI83vez1VYOnpUBDq6D9Kkmbic51dXiytVhAT0e0nkubRLDc9GMm8avkqp9P3YuuhG7GZ16PgT4vT5Gz0JNUQEv1_Z4JBVVn5eIornqeCmo7T6lzG1g4eiJ1LjlgO-xLsQZOpKZ7GmLNz0m4FKsBlgqoKZ5YBBmlbJLIVJS8J0p4H4cKnJhXf82PPTzf5xE1XsY29xIGuIbux9PEOwqsj88HxoYBbrQKntCVhUslYGZi1aKt1vH0Ouk_w5ut5xxSGCGGgb27JL7fGe8U1NfHqW_HVvLIeHN94gf2w81ypCviV8uIg HTTP/1.1" 404 734 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"
Yeah, there should be "logout" before the '?'. Which machine are you running against ? new-rp.certification.openid.net ?
I was using a local docker instance that should have the same config. Do you think new-rp
would not have this issue somehow?
No, just wanted to see the whole log.
On 8 Oct 2019, at 12:00, Hans Zandbelt notifications@github.com wrote:
I was using a local docker instance that should have the same config. Do you think new-rp would not have this issue somehow?
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/openid-certification/oidctest/issues/188?email_source=notifications&email_token=AAAYMPB6T7IXJWSGUMWWIFTQNRK3NA5CNFSM4I4QC4JKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEATT77I#issuecomment-539443197, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAYMPGLAYEFUE4TGS5DSNLQNRK3NANCNFSM4I4QC4JA.
Otium cum dignitate - latin proverb
see below for the log from the point of initiating the logout:
2019-10-08 18:15:37,046 oic.oic.provider:DEBUG End session request: {} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG Raw JSON: {'iss': 'https://rp-test:8080/mod_auth_openidc-code/rp-backchannel-rpinitlogout', 'sub': '1b2fc9341a16ae4e30082965d537ae47c21a0f27fd43eab78330ed81751ae6db', 'aud': ['DocZH9FxXc5n'], 'exp': 1570644936, 'acr': 'PASSWORD', 'iat': 1570558536, 'auth_time': 1570558536, 'nonce': 'kbu0TJIuh0_VoZ09C3O_iP4lOfM0TtDeJ-02zrxpaM0'} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG JWS header: {'alg': 'RS256', 'kid': 'XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ'} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG Found signing key. 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picking key by key type=RSA 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picking key based on alg=RS256, kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ and use= 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Verified message using key with kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picking key by key type=RSA 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picking key based on alg=RS256, kid=None and use=sig 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,048 root:DEBUG JWT header: {'alg': 'RS256', 'kid': 'XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ'} 2019-10-08 18:15:37,050 jwkest.jws:DEBUG Signed message using key with kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ 2019-10-08 18:15:37,050 cherrypy.access.140260442730960:INFO 172.24.0.1 - - [08/Oct/2019:18:15:37] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/end_session?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJzdWIiOiAiMWIyZmM5MzQxYTE2YWU0ZTMwMDgyOTY1ZDUzN2FlNDdjMjFhMGYyN2ZkNDNlYWI3ODMzMGVkODE3NTFhZTZkYiIsICJhdWQiOiBbIkRvY1pIOUZ4WGM1biJdLCAiZXhwIjogMTU3MDY0NDkzNiwgImFjciI6ICJQQVNTV09SRCIsICJpYXQiOiAxNTcwNTU4NTM2LCAiYXV0aF90aW1lIjogMTU3MDU1ODUzNiwgIm5vbmNlIjogImtidTBUSkl1aDBfVm9aMDlDM09faVA0bE9mTTBUdERlSi0wMnpyeHBhTTAifQ.ELtK2Nqu9MSdX7QLQTWx_F7YpDMoKX7M51CaEfJH_lf3m-5tcuhZrADUWbhgef0-AAN-_gHOVsLFWYvROX2uaQ5FA520OHCJ9DyMEFh6cXD8afDYZCL97vc7CNI-e1FIMBpeLUCIMUQcpLUv6StrI1-BZTw8AtZ153PJXCSsRCfjaVrhATE85XdoUPla4fPXd_TmSdPlQXCtDMrc-_IJNnfJApmLSiO8W4XoBWioT58-R4Apr8Yv4arx7vnhRk2Yzg5BfHo9Q798YCiA33Rc6bxeBtOCIMWVun9IyuHpF6LmY9na0GymGNgIlQIqFS79tnwAHj8PqA1uxf9acoO_3A&post_logout_redirect_uri=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html HTTP/1.1" 302 2345 "" "curl/7.66.0" 2019-10-08 18:15:37,094 oidctest.cp.op:INFO ent:172.24.0.1, vpath: ['mod_auth_openidc-code', 'rp-backchannel-rpinitlogout'] 2019-10-08 18:15:37,094 cherrypy.access.140260442730960:INFO 172.24.0.1 - - [08/Oct/2019:18:15:37] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/?sjwt=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJpYXQiOiAxNTcwNTU4NTM3LCAiZXhwIjogMTU3MDY0NDkzNywgImtpZCI6ICJYWE9udUZBVHljRzlrYkJQZWY4cmRBbklVYXY1UkJlRTRWVkRya0J4Q21RIiwgImF1ZCI6IFsiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCJdLCAidWlkIjogImRpYW5hIiwgImNsaWVudF9pZCI6ICJEb2NaSDlGeFhjNW4iLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0LnptYXJ0em9uZS5ldS9sb2dnZWRvdXQuaHRtbCIsICJzaWQiOiAiOGVlNGE2Y2YyNzAxODI3ZWZlODFlMThkZGExNzkxYmQ2MGM1NmVhNThiNjhjZWI5MGJmYjM5ZTIiLCAianRpIjogIjk1NjNkZWY2NmM0ZDQzNTViODdmYTc0MzAxYzYxOTI4In0.UFv3HvOOw1kOsIGx7N2wzHAwKgvdAqJru6PyakyIWh8Ao86uvxfgifFGxClV8-eSrg3QBkRw8QkkO-uKASDIgdBdw0_PxVDecmieIaDJ_fSoJyhwPVE24vANMmOwww6A-mqM-WE45eSEjRy_uhyM1x5fM_WCgLQBTcnsISIsTl-jHjFH-h4tpGbRdH6n_6wsjhAuiSpY0-cT-JOgmQdJIQLLGhUesR-du7JyvVE-4XsVD4T1OyOxZZ_hEM1Y0YmAMmRaKztLrvURcVk5qX-2_00J3rjM7vNHn6CgSQba8JD00li0U9OdQG4FpiaYDBq3LB8VJgCvEM3PtLjr4h0KKQ HTTP/1.1" 404 734 "" "curl/7.66.0"
Do you have something like this in your config file:
LOGOUT_PATH = 'logout'
??
that did it, thanks
When executing
rp-backchannel-rpinitlogout
(providing a registered and valid post_logout_redirect_uri parameter) the following error results in the browser:The URL seems to be
/mod_auth_openidc-code/rp-backchannel-rpinitlogout/?sjwt=<>
as shown below in the logs. There may be a path element missing after/rp-backchannel-rpinitlogout/
?