rp-backchannel-rpinitlogout: test stops with 404

[zandbelt]

When executing rp-backchannel-rpinitlogout (providing a registered and valid post_logout_redirect_uri parameter) the following error results in the browser:

404 Not Found
Nothing matches the given URI

The URL seems to be /mod_auth_openidc-code/rp-backchannel-rpinitlogout/?sjwt=<> as shown below in the logs. There may be a path element missing after /rp-backchannel-rpinitlogout/ ?

rp-test_1 | 172.24.0.1 - - [01/Oct/2019:23:34:55] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/end_session?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJzdWIiOiAiMWIyZmM5MzQxYTE2YWU0ZTMwMDgyOTY1ZDUzN2FlNDdjMjFhMGYyN2ZkNDNlYWI3ODMzMGVkODE3NTFhZTZkYiIsICJhdWQiOiBbIkpIVDZNenZjbk0xMSJdLCAiZXhwIjogMTU3MDA1OTI5MywgImFjciI6ICJQQVNTV09SRCIsICJpYXQiOiAxNTY5OTcyODkzLCAiYXV0aF90aW1lIjogMTU2OTk3Mjg5MywgIm5vbmNlIjogIjYzTjkwRi0wU0pYdjVZaEdhQ25CbjI4dkg3T2JfZ3ZPZmpBWnR1cDVaemsifQ.gv_KRGMWDc5YyuI5Innml2Z6-7xa2ZZm3Wgw5RG7UFtsJZWVw83GL0kqGGfsRoRBg3t6E7fWOTsgbtmP6Zkbv5GPxp51yCsSpILDLWMt3-NzidAyLoA9ZTjfHFRIp8aTbvwgMdw0mFJ1YpcbaZZVHyMKbt1V_Xya-kCLvZKLaSeN3f97yYTFaRWi78Pf9MV1PXR-w3_QYMspl9AY4NVSGOIHFcEVTMakEIcg6nLpVPutddNoVmH9drbOYhIVsSa4n2JTRGynFuwZ67kaOASQlRginBzuuS2UdS6d2vbxQK2Bms_5NwTzcyakinE8wqcKYcAeUgbaS5385rIw9yhS7Q&post_logout_redirect_uri=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html HTTP/1.1" 302 2345 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" rp-test_1 | 172.24.0.1 - - [01/Oct/2019:23:34:55] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/?sjwt=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJpYXQiOiAxNTY5OTcyODk1LCAiZXhwIjogMTU3MDA1OTI5NSwgImtpZCI6ICJYWE9udUZBVHljRzlrYkJQZWY4cmRBbklVYXY1UkJlRTRWVkRya0J4Q21RIiwgImF1ZCI6IFsiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCJdLCAidWlkIjogImRpYW5hIiwgImNsaWVudF9pZCI6ICJKSFQ2TXp2Y25NMTEiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0LnptYXJ0em9uZS5ldS9sb2dnZWRvdXQuaHRtbCIsICJzaWQiOiAiMDliNmQ0MjUwMDEwZTgwNWViNTI0NGE0Mzc0MWE4YWJhOGNmNjkwOWIyZWQ0NTk0NGFmZTBhOTUiLCAianRpIjogImNkYzJkNTkxMTI4ZTQ3Mjc5Y2EyMTYzMzcxOTk2NmM2In0.QWcw_Oa5w7HvLDYn1aVBJ-1rpYmvpmMutHo_TNEltK7fMuV2v6060BZt7DMZXE7HV57Hsicl2PWdhmRLAv-ufA7Hp6H1GhvO3ba56kILHivQquGXex0iXbRLAhlwKkRviLiXogOhmox1YbLudROfd88HF0GdHaxXSsd_kwLLokD0ah3w_dDntKyHZiMrhMTZwD4OA_tq6iL7nNUlTCP0XV8nVskE-TLC3uLnze-C2yRhRHDnKpvcooxzzSOLdNXcYQPmb4TMQp0jBevlecXQ49guX1-Krcn6jqYwbVMzooTUXC44C6pz4AcxNoMqCl9waRWCDmejpZ1Ayjkt3Lm3ng HTTP/1.1" 404 734 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"

[zandbelt]

for the record rp-frontchannel-rpinitlogout exposes the same behavior

404 Not Found
Nothing matches the given URI

rp-test_1 | 172.24.0.1 - - [02/Oct/2019:18:13:45] "GET /mod_auth_openidc-code/rp-frontchannel-rpinitlogout/end_session?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJQdDlLQ2hOclRrb1MiXSwgImV4cCI6IDE1NzAxMjY0MDMsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MDA0MDAwMywgImF1dGhfdGltZSI6IDE1NzAwNDAwMDMsICJub25jZSI6ICI3b1hxUTQ4RldPZmtlMmVTX3A2OS1SNEpyRGpOUTlFRW1wbnI5Z1JTV3M0In0.kLfHIPcNSs05w9yUfoYYQC9BIFXaZcIKxBDURtscAcOALJiPscw7fhV09XZXwiwpJtuj9V8zK1jenOoRj63xZxOFf5LXLRpIyOmfrfElh2O1crxCdfRNs9XcypyyBTJSnA7QJ3KCst19ws5CwWdwSU-7sCckGe8qVaFrO0l6UBZxPwQgz28vSNf9s9RQfwj9ktc8P6qWy61Resr94P0HqXqPfacYk_UkaDO1X3VMPWmnY88aY9NroFyXhWcYUXkZ0Yl66vP2e-xXofSzGH5bMyD6YWg07o6felWVJD9pa2MfsAfNCrANobATeVKGLmdgV_tocSmQPF6_k8Vt3ur_8Q&post_logout_redirect_uri=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html HTTP/1.1" 302 2353 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" rp-test_1 | 172.24.0.1 - - [02/Oct/2019:18:13:45] "GET /mod_auth_openidc-code/rp-frontchannel-rpinitlogout/?sjwt=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAiaWF0IjogMTU3MDA0MDAyNSwgImV4cCI6IDE1NzAxMjY0MjUsICJraWQiOiAiWFhPbnVGQVR5Y0c5a2JCUGVmOHJkQW5JVWF2NVJCZUU0VlZEcmtCeENtUSIsICJhdWQiOiBbImh0dHBzOi8vcnAtdGVzdDo4MDgwL21vZF9hdXRoX29wZW5pZGMtY29kZS9ycC1mcm9udGNoYW5uZWwtcnBpbml0bG9nb3V0Il0sICJ1aWQiOiAiZGlhbmEiLCAiY2xpZW50X2lkIjogIlB0OUtDaE5yVGtvUyIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9sb2NhbGhvc3Quem1hcnR6b25lLmV1L2xvZ2dlZG91dC5odG1sIiwgInNpZCI6ICI0YzJlMDU3MWFkZWEzOWZkMTc4NDFjZjkxNDg5N2Q1M2NiMTRjM2ZiZTI4NDc2MzVlMWZlMjc3OSIsICJqdGkiOiAiOWQ5YTU0OWU2YTQyNDY5OGI0NWEzYjZiYThlYThmNmMifQ.XlZALNfSWkN-h_6D5atflOYu6qdr7746JJ6R2aI83vez1VYOnpUBDq6D9Kkmbic51dXiytVhAT0e0nkubRLDc9GMm8avkqp9P3YuuhG7GZ16PgT4vT5Gz0JNUQEv1_Z4JBVVn5eIornqeCmo7T6lzG1g4eiJ1LjlgO-xLsQZOpKZ7GmLNz0m4FKsBlgqoKZ5YBBmlbJLIVJS8J0p4H4cKnJhXf82PPTzf5xE1XsY29xIGuIbux9PEOwqsj88HxoYBbrQKntCVhUslYGZi1aKt1vH0Ouk_w5ut5xxSGCGGgb27JL7fGe8U1NfHqW_HVvLIeHN94gf2w81ypCviV8uIg HTTP/1.1" 404 734 "https://localhost.zmartzone.eu/protected/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"

[rohe]

Yeah, there should be "logout" before the '?'. Which machine are you running against ? new-rp.certification.openid.net ?

[zandbelt]

I was using a local docker instance that should have the same config. Do you think new-rp would not have this issue somehow?

[rohe]

No, just wanted to see the whole log.

On 8 Oct 2019, at 12:00, Hans Zandbelt notifications@github.com wrote:

I was using a local docker instance that should have the same config. Do you think new-rp would not have this issue somehow?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/openid-certification/oidctest/issues/188?email_source=notifications&email_token=AAAYMPB6T7IXJWSGUMWWIFTQNRK3NA5CNFSM4I4QC4JKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEATT77I#issuecomment-539443197, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAYMPGLAYEFUE4TGS5DSNLQNRK3NANCNFSM4I4QC4JA.

• Roland

Otium cum dignitate - latin proverb

[zandbelt]

see below for the log from the point of initiating the logout:

2019-10-08 18:15:37,046 oic.oic.provider:DEBUG End session request: {} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG Raw JSON: {'iss': 'https://rp-test:8080/mod_auth_openidc-code/rp-backchannel-rpinitlogout', 'sub': '1b2fc9341a16ae4e30082965d537ae47c21a0f27fd43eab78330ed81751ae6db', 'aud': ['DocZH9FxXc5n'], 'exp': 1570644936, 'acr': 'PASSWORD', 'iat': 1570558536, 'auth_time': 1570558536, 'nonce': 'kbu0TJIuh0_VoZ09C3O_iP4lOfM0TtDeJ-02zrxpaM0'} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG JWS header: {'alg': 'RS256', 'kid': 'XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ'} 2019-10-08 18:15:37,047 oic.oauth2.message:DEBUG Found signing key. 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picking key by key type=RSA 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picking key based on alg=RS256, kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ and use= 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,047 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Verified message using key with kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picking key by key type=RSA 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picking key based on alg=RS256, kid=None and use=sig 2019-10-08 18:15:37,048 jwkest.jws:DEBUG Picked: kid:XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ, use:sig, kty:RSA 2019-10-08 18:15:37,048 root:DEBUG JWT header: {'alg': 'RS256', 'kid': 'XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ'} 2019-10-08 18:15:37,050 jwkest.jws:DEBUG Signed message using key with kid=XXOnuFATycG9kbBPef8rdAnIUav5RBeE4VVDrkBxCmQ 2019-10-08 18:15:37,050 cherrypy.access.140260442730960:INFO 172.24.0.1 - - [08/Oct/2019:18:15:37] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/end_session?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJzdWIiOiAiMWIyZmM5MzQxYTE2YWU0ZTMwMDgyOTY1ZDUzN2FlNDdjMjFhMGYyN2ZkNDNlYWI3ODMzMGVkODE3NTFhZTZkYiIsICJhdWQiOiBbIkRvY1pIOUZ4WGM1biJdLCAiZXhwIjogMTU3MDY0NDkzNiwgImFjciI6ICJQQVNTV09SRCIsICJpYXQiOiAxNTcwNTU4NTM2LCAiYXV0aF90aW1lIjogMTU3MDU1ODUzNiwgIm5vbmNlIjogImtidTBUSkl1aDBfVm9aMDlDM09faVA0bE9mTTBUdERlSi0wMnpyeHBhTTAifQ.ELtK2Nqu9MSdX7QLQTWx_F7YpDMoKX7M51CaEfJH_lf3m-5tcuhZrADUWbhgef0-AAN-_gHOVsLFWYvROX2uaQ5FA520OHCJ9DyMEFh6cXD8afDYZCL97vc7CNI-e1FIMBpeLUCIMUQcpLUv6StrI1-BZTw8AtZ153PJXCSsRCfjaVrhATE85XdoUPla4fPXd_TmSdPlQXCtDMrc-_IJNnfJApmLSiO8W4XoBWioT58-R4Apr8Yv4arx7vnhRk2Yzg5BfHo9Q798YCiA33Rc6bxeBtOCIMWVun9IyuHpF6LmY9na0GymGNgIlQIqFS79tnwAHj8PqA1uxf9acoO_3A&post_logout_redirect_uri=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html HTTP/1.1" 302 2345 "" "curl/7.66.0" 2019-10-08 18:15:37,094 oidctest.cp.op:INFO ent:172.24.0.1, vpath: ['mod_auth_openidc-code', 'rp-backchannel-rpinitlogout'] 2019-10-08 18:15:37,094 cherrypy.access.140260442730960:INFO 172.24.0.1 - - [08/Oct/2019:18:15:37] "GET /mod_auth_openidc-code/rp-backchannel-rpinitlogout/?sjwt=eyJhbGciOiJSUzI1NiIsImtpZCI6IlhYT251RkFUeWNHOWtiQlBlZjhyZEFuSVVhdjVSQmVFNFZWRHJrQnhDbVEifQ.eyJpc3MiOiAiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJpYXQiOiAxNTcwNTU4NTM3LCAiZXhwIjogMTU3MDY0NDkzNywgImtpZCI6ICJYWE9udUZBVHljRzlrYkJQZWY4cmRBbklVYXY1UkJlRTRWVkRya0J4Q21RIiwgImF1ZCI6IFsiaHR0cHM6Ly9ycC10ZXN0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCJdLCAidWlkIjogImRpYW5hIiwgImNsaWVudF9pZCI6ICJEb2NaSDlGeFhjNW4iLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0LnptYXJ0em9uZS5ldS9sb2dnZWRvdXQuaHRtbCIsICJzaWQiOiAiOGVlNGE2Y2YyNzAxODI3ZWZlODFlMThkZGExNzkxYmQ2MGM1NmVhNThiNjhjZWI5MGJmYjM5ZTIiLCAianRpIjogIjk1NjNkZWY2NmM0ZDQzNTViODdmYTc0MzAxYzYxOTI4In0.UFv3HvOOw1kOsIGx7N2wzHAwKgvdAqJru6PyakyIWh8Ao86uvxfgifFGxClV8-eSrg3QBkRw8QkkO-uKASDIgdBdw0_PxVDecmieIaDJ_fSoJyhwPVE24vANMmOwww6A-mqM-WE45eSEjRy_uhyM1x5fM_WCgLQBTcnsISIsTl-jHjFH-h4tpGbRdH6n_6wsjhAuiSpY0-cT-JOgmQdJIQLLGhUesR-du7JyvVE-4XsVD4T1OyOxZZ_hEM1Y0YmAMmRaKztLrvURcVk5qX-2_00J3rjM7vNHn6CgSQba8JD00li0U9OdQG4FpiaYDBq3LB8VJgCvEM3PtLjr4h0KKQ HTTP/1.1" 404 734 "" "curl/7.66.0"

[rohe]

Do you have something like this in your config file:

LOGOUT_PATH = 'logout'

??

[zandbelt]

that did it, thanks