search

openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net
Other
49 stars 15 forks source link

rp-backchannel-rpinitlogout: AttributeError: 'dict' object has no attribute 'get_uid_by_sub' #196

Closed zandbelt closed 4 years ago

zandbelt commented 4 years ago

2019-11-08 07:23:33,506 oidctest.cp.op:INFO ent:212.84.155.17, vpath: ['mod_auth_openidc-code', 'rp-backchannel-rpinitlogout', 'end_session'] 2019-11-08 07:23:33,507 oidctest.cp.op:DEBUG EndSessionRequest: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJzdWIiOiAiMWIyZmM5MzQxYTE2YWU0ZTMwMDgyOTY1ZDUzN2FlNDdjMjFhMGYyN2ZkNDNlYWI3ODMzMGVkODE3NTFhZTZkYiIsICJhdWQiOiBbInpQN0tMUFg3YVB1MSJdLCAiZXhwIjogMTU3MzI4NDIxMSwgImFjciI6ICJQQVNTV09SRCIsICJpYXQiOiAxNTczMTk3ODExLCAiYXV0aF90aW1lIjogMTU3MzE5NzgxMCwgIm5vbmNlIjogIktkTGd6WXZLeDdhTnAyRk9BZjdnay04Tzg2ZGZPcGFIZHN4ZmlZNTFIU1UifQ.oL-8iBDr5UPbwoBz1ykX60tOHtb2IAHAPraJVx7t_mpffnZYs4PLbzMCVNMQ73Sx0BWdefgV6K9vkcmO5DKAdpyHs3Q7KPG5HxfhGGOgFNJTxavFeaot37N1KQVLTao3W10jOicF15tlyvXDnBXJggiRSmuVSSPnrqhtd69tHet5qf3Uho5-JDBRkXBDLPFoQRMnwxHGuK2JDScFzXZ6Of2QIkFjb6E-yM52NQ6ZPLfGVTxdiZ8JhNkv28rX0PB3vi-n5jePBYtbZ90yYO9YWkFbJWtVrzHY-PnvaLC5c8feAqYBghbfJQaenJkD_ct86WYJYLPTnRIxulJ8TppPug', 'post_logout_redirect_uri': 'https://localhost.zmartzone.eu/loggedout.html'} 2019-11-08 07:23:33,507 oic.oic.provider:DEBUG End session request: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWJhY2tjaGFubmVsLXJwaW5pdGxvZ291dCIsICJzdWIiOiAiMWIyZmM5MzQxYTE2YWU0ZTMwMDgyOTY1ZDUzN2FlNDdjMjFhMGYyN2ZkNDNlYWI3ODMzMGVkODE3NTFhZTZkYiIsICJhdWQiOiBbInpQN0tMUFg3YVB1MSJdLCAiZXhwIjogMTU3MzI4NDIxMSwgImFjciI6ICJQQVNTV09SRCIsICJpYXQiOiAxNTczMTk3ODExLCAiYXV0aF90aW1lIjogMTU3MzE5NzgxMCwgIm5vbmNlIjogIktkTGd6WXZLeDdhTnAyRk9BZjdnay04Tzg2ZGZPcGFIZHN4ZmlZNTFIU1UifQ.oL-8iBDr5UPbwoBz1ykX60tOHtb2IAHAPraJVx7t_mpffnZYs4PLbzMCVNMQ73Sx0BWdefgV6K9vkcmO5DKAdpyHs3Q7KPG5HxfhGGOgFNJTxavFeaot37N1KQVLTao3W10jOicF15tlyvXDnBXJggiRSmuVSSPnrqhtd69tHet5qf3Uho5-JDBRkXBDLPFoQRMnwxHGuK2JDScFzXZ6Of2QIkFjb6E-yM52NQ6ZPLfGVTxdiZ8JhNkv28rX0PB3vi-n5jePBYtbZ90yYO9YWkFbJWtVrzHY-PnvaLC5c8feAqYBghbfJQaenJkD_ct86WYJYLPTnRIxulJ8TppPug', 'post_logout_redirect_uri': 'https://localhost.zmartzone.eu/loggedout.html'} 2019-11-08 07:23:33,508 oic.oauth2.message:DEBUG Raw JSON: {'iss': 'https://new-rp.certification.openid.net:8080/mod_auth_openidc-code/rp-backchannel-rpinitlogout', 'sub': '1b2fc9341a16ae4e30082965d537ae47c21a0f27fd43eab78330ed81751ae6db', 'aud': ['zP7KLPX7aPu1'], 'exp': 1573284211, 'acr': 'PASSWORD', 'iat': 1573197811, 'auth_time': 1573197810, 'nonce': 'KdLgzYvKx7aNp2FOAf7gk-8O86dfOpaHdsxfiY51HSU'} 2019-11-08 07:23:33,508 oic.oauth2.message:DEBUG JWS header: {'alg': 'RS256', 'kid': 'mEkc1lQygoU10j2NlUE-YYBv2uoaJ1xG-FnkGqfTlG0'} 2019-11-08 07:23:33,509 oic.oauth2.message:DEBUG Found signing key. 2019-11-08 07:23:33,509 jwkest.jws:DEBUG Picking key by key type=RSA 2019-11-08 07:23:33,509 jwkest.jws:DEBUG Picking key based on alg=RS256, kid=mEkc1lQygoU10j2NlUE-YYBv2uoaJ1xG-FnkGqfTlG0 and use= 2019-11-08 07:23:33,509 jwkest.jws:DEBUG Picked: kid:mEkc1lQygoU10j2NlUE-YYBv2uoaJ1xG-FnkGqfTlG0, use:sig, kty:RSA 2019-11-08 07:23:33,509 jwkest.jws:DEBUG Picked: kid:mEkc1lQygoU10j2NlUE-YYBv2uoaJ1xG-FnkGqfTlG0, use:sig, kty:RSA 2019-11-08 07:23:33,510 jwkest.jws:DEBUG Verified message using key with kid=mEkc1lQygoU10j2NlUE-YYBv2uoaJ1xG-FnkGqfTlG0 2019-11-08 07:23:33,510 cherrypy.error.140437853786576:ERROR [08/Nov/2019:07:23:33] HTTP Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/lib/encoding.py", line 220, in call self.body = self.oldhandler(*args, *kwargs) File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cpdispatch.py", line 60, in call return self.callable(self.args, self.kwargs) File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/cp/op.py", line 359, in index resp = op.end_session_endpoint(_info.to_urlencoded(), cookie=cookie) File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/rp/provider.py", line 650, in end_session_endpoint kwargs) File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 2157, in end_session_endpoint if self.sdb.get_uid_by_sub(sub) != uid: File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/sdb.py", line 978, in get_uid_by_sub return self._db.get_uid_by_sub(sub) AttributeError: 'dict' object has no attribute 'get_uid_by_sub'

rohe commented 4 years ago

Have pushed a change to oidctest that will fix this.

zandbelt commented 4 years ago

I now have the cookie issue here as well:

2019-11-09 19:55:07,778 oidctest.cp.op:INFO ent:212.84.155.17, vpath: ['mod_auth_openidc-code', 'rp-frontchannel-rpinitlogout', 'end_session']
2019-11-09 19:55:07,778 oidctest.cp.op:DEBUG EndSessionRequest: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJyWURZZkRnaFFoUzgiXSwgImV4cCI6IDE1NzM0MTU3MDYsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzMyOTMwNiwgImF1dGhfdGltZSI6IDE1NzMzMjkzMDYsICJub25jZSI6ICI5Z3V6b1JZYUpsUi1wb0xJeXJpRVhiUXRsNXBKa0MtZ0piSTltUW9kVmpRIn0.HGgcmEC0nRnSW6vMBA3kAJFTrfeMyHaJBTxFozku45a8b_UWl7XHnsEel4cL2NRqk4fjjFZHV-B7SrMRSbi5CYq1t0CmEUssyBnEiASZAdpKU5hZXDuxyhXAR87cZ35NqhHtRe4sDj2WY0pS1U_pWvWSFp19WQaEQ-R-6YQJRrq-2Q2Yq0id_gdI5g7ocPkHCU2YbQeUijziTAzG7Mbo4vNBlBADwwva0HagqSVoAz_8aoUufjRh7bRMdx692rces9aUvpoUFYaAQMof5jgpPdclNfzqDaVm8abxItiENbqlF_pUsSogG50atxDeZqpatU5Fnbsodvnk7XutS4bLXA'}
2019-11-09 19:55:07,778 oidctest.cp.op:DEBUG Request cookie at end_session_endpoint: Set-Cookie: pyoidc_sso="1573329306|sfVBZrmjnO1mEhEu11Y2Vg==|oNF0UvlE+XpAPebOBUz03SQa3TA3z8mJQAWUQ+njyVDNCfQE|2BOB3WwnTqhe05aGKRcUcw=="
Set-Cookie: session_id=2efd95a7529e4bac7723f30c290a4861b68e3989
2019-11-09 19:55:07,778 oic.oic.provider:DEBUG End session request: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJyWURZZkRnaFFoUzgiXSwgImV4cCI6IDE1NzM0MTU3MDYsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzMyOTMwNiwgImF1dGhfdGltZSI6IDE1NzMzMjkzMDYsICJub25jZSI6ICI5Z3V6b1JZYUpsUi1wb0xJeXJpRVhiUXRsNXBKa0MtZ0piSTltUW9kVmpRIn0.HGgcmEC0nRnSW6vMBA3kAJFTrfeMyHaJBTxFozku45a8b_UWl7XHnsEel4cL2NRqk4fjjFZHV-B7SrMRSbi5CYq1t0CmEUssyBnEiASZAdpKU5hZXDuxyhXAR87cZ35NqhHtRe4sDj2WY0pS1U_pWvWSFp19WQaEQ-R-6YQJRrq-2Q2Yq0id_gdI5g7ocPkHCU2YbQeUijziTAzG7Mbo4vNBlBADwwva0HagqSVoAz_8aoUufjRh7bRMdx692rces9aUvpoUFYaAQMof5jgpPdclNfzqDaVm8abxItiENbqlF_pUsSogG50atxDeZqpatU5Fnbsodvnk7XutS4bLXA'}
2019-11-09 19:55:07,779 cherrypy.error.140651837264280:ERROR [09/Nov/2019:19:55:07] HTTP 
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 209, in decrypt_and_verify
    return self.kernel.decrypt_and_verify(cipherdata, tag)
  File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 339, in decrypt_and_verify
    self.verify(mac_tag)
  File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 255, in verify
    raise ValueError("MAC check failed")
ValueError: MAC check failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 459, in parse_cookie
    cleartext = crypt.decrypt_and_verify(ciphertext, tag)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 211, in decrypt_and_verify
    raise AESError("Failed to verify data")
oic.utils.aes.AESError: Failed to verify data

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/lib/encoding.py", line 220, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cpdispatch.py", line 60, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/cp/op.py", line 362, in index
    resp = op.end_session_endpoint(_info.to_urlencoded(), cookie=cookie)
  File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/rp/provider.py", line 650, in end_session_endpoint
    **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 2130, in end_session_endpoint
    _, client_id, uid = self._get_uid_from_cookie(cookie)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 1976, in _get_uid_from_cookie
    _cval = cookie_dealer.get_cookie_value(cookie, self.sso_cookie_name)
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 645, in get_cookie_value
    cookie_name, self.srv.seed, cookie, self.srv.symkey
  File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 461, in parse_cookie
    raise InvalidCookieSign()
oic.utils.http_util.InvalidCookieSign
rohe commented 4 years ago

Yeah, they the same problem.

rohe commented 4 years ago

OK, have checked in a possible fix to oidctest.

zandbelt commented 4 years ago

closing this as the follow up to the cookie issue happens in https://github.com/openid-certification/oidctest/issues/197#issuecomment-552338884