Closed zandbelt closed 4 years ago
Have pushed a change to oidctest that will fix this.
I now have the cookie issue here as well:
2019-11-09 19:55:07,778 oidctest.cp.op:INFO ent:212.84.155.17, vpath: ['mod_auth_openidc-code', 'rp-frontchannel-rpinitlogout', 'end_session']
2019-11-09 19:55:07,778 oidctest.cp.op:DEBUG EndSessionRequest: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJyWURZZkRnaFFoUzgiXSwgImV4cCI6IDE1NzM0MTU3MDYsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzMyOTMwNiwgImF1dGhfdGltZSI6IDE1NzMzMjkzMDYsICJub25jZSI6ICI5Z3V6b1JZYUpsUi1wb0xJeXJpRVhiUXRsNXBKa0MtZ0piSTltUW9kVmpRIn0.HGgcmEC0nRnSW6vMBA3kAJFTrfeMyHaJBTxFozku45a8b_UWl7XHnsEel4cL2NRqk4fjjFZHV-B7SrMRSbi5CYq1t0CmEUssyBnEiASZAdpKU5hZXDuxyhXAR87cZ35NqhHtRe4sDj2WY0pS1U_pWvWSFp19WQaEQ-R-6YQJRrq-2Q2Yq0id_gdI5g7ocPkHCU2YbQeUijziTAzG7Mbo4vNBlBADwwva0HagqSVoAz_8aoUufjRh7bRMdx692rces9aUvpoUFYaAQMof5jgpPdclNfzqDaVm8abxItiENbqlF_pUsSogG50atxDeZqpatU5Fnbsodvnk7XutS4bLXA'}
2019-11-09 19:55:07,778 oidctest.cp.op:DEBUG Request cookie at end_session_endpoint: Set-Cookie: pyoidc_sso="1573329306|sfVBZrmjnO1mEhEu11Y2Vg==|oNF0UvlE+XpAPebOBUz03SQa3TA3z8mJQAWUQ+njyVDNCfQE|2BOB3WwnTqhe05aGKRcUcw=="
Set-Cookie: session_id=2efd95a7529e4bac7723f30c290a4861b68e3989
2019-11-09 19:55:07,778 oic.oic.provider:DEBUG End session request: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJyWURZZkRnaFFoUzgiXSwgImV4cCI6IDE1NzM0MTU3MDYsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzMyOTMwNiwgImF1dGhfdGltZSI6IDE1NzMzMjkzMDYsICJub25jZSI6ICI5Z3V6b1JZYUpsUi1wb0xJeXJpRVhiUXRsNXBKa0MtZ0piSTltUW9kVmpRIn0.HGgcmEC0nRnSW6vMBA3kAJFTrfeMyHaJBTxFozku45a8b_UWl7XHnsEel4cL2NRqk4fjjFZHV-B7SrMRSbi5CYq1t0CmEUssyBnEiASZAdpKU5hZXDuxyhXAR87cZ35NqhHtRe4sDj2WY0pS1U_pWvWSFp19WQaEQ-R-6YQJRrq-2Q2Yq0id_gdI5g7ocPkHCU2YbQeUijziTAzG7Mbo4vNBlBADwwva0HagqSVoAz_8aoUufjRh7bRMdx692rces9aUvpoUFYaAQMof5jgpPdclNfzqDaVm8abxItiENbqlF_pUsSogG50atxDeZqpatU5Fnbsodvnk7XutS4bLXA'}
2019-11-09 19:55:07,779 cherrypy.error.140651837264280:ERROR [09/Nov/2019:19:55:07] HTTP
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 209, in decrypt_and_verify
return self.kernel.decrypt_and_verify(cipherdata, tag)
File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 339, in decrypt_and_verify
self.verify(mac_tag)
File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 255, in verify
raise ValueError("MAC check failed")
ValueError: MAC check failed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 459, in parse_cookie
cleartext = crypt.decrypt_and_verify(ciphertext, tag)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 211, in decrypt_and_verify
raise AESError("Failed to verify data")
oic.utils.aes.AESError: Failed to verify data
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/lib/encoding.py", line 220, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cpdispatch.py", line 60, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/cp/op.py", line 362, in index
resp = op.end_session_endpoint(_info.to_urlencoded(), cookie=cookie)
File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/rp/provider.py", line 650, in end_session_endpoint
**kwargs)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 2130, in end_session_endpoint
_, client_id, uid = self._get_uid_from_cookie(cookie)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 1976, in _get_uid_from_cookie
_cval = cookie_dealer.get_cookie_value(cookie, self.sso_cookie_name)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 645, in get_cookie_value
cookie_name, self.srv.seed, cookie, self.srv.symkey
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 461, in parse_cookie
raise InvalidCookieSign()
oic.utils.http_util.InvalidCookieSign
Yeah, they the same problem.
OK, have checked in a possible fix to oidctest.
closing this as the follow up to the cookie issue happens in https://github.com/openid-certification/oidctest/issues/197#issuecomment-552338884