Closed zandbelt closed 4 years ago
Can't replicate this error. So, I have no idea what's going on.
Am I right in that you only saw this once ?
no, it is repeatable for me, always happens
OK, I'll see if I can get some time to look at it tomorrow.
Probably have to add some more logging lines in the code. I will do that directly in the code on new_rp.
after pushing the latest changes to new-rp the result is still:
2019-11-11 08:16:06,716 oidctest.cp.op:INFO ent:212.84.155.17, vpath: ['mod_auth_openidc-code', 'rp-frontchannel-rpinitlogout', 'end_session']
2019-11-11 08:16:06,717 oidctest.cp.op:DEBUG EndSessionRequest: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJ4bTVyWlBLSUlLTlQiXSwgImV4cCI6IDE1NzM1NDY1NjUsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzQ2MDE2NSwgImF1dGhfdGltZSI6IDE1NzM0NjAxNjUsICJub25jZSI6ICItc2NJamZjMGJ1Q3ltV1cxVEhQUWpJVmhneXBtQTNPWk9iV2kxd0JpZ2lFIn0.YTJhQALK1rHmF5mrE9mO91G0yU5V4Y4CGRO-QGfakC4_ssP5DJHs0uVmeCDKcdLafFIDl5mfeCfQcUiaSLZiJFINslJsagGskxRAwqwEhZGvwJxFMmuXrpqwAAn75DeYGKoNIeOdIf8r2Dy5zkSvVCyfIymRLf0vx6P-7NOtvZwbPM6r0w0AQi_V68cA7hZmuJST4tDw8-Gz9loChMC86oPmIi9mAgy7ZHAUSPTXeGSjS7RAkiviNgtYBdGpmNTw8SjcDBUmHBjXVWIvGDHr1Dm04NC6Uxzn4RpuBnJ0WiA3IfR4l--IBqIF_onOn1WM22itsh92SUn12dSOv7cLLg'}
2019-11-11 08:16:06,717 oidctest.cp.op:DEBUG Request cookie at end_session_endpoint: Set-Cookie: pyoidc_sso="1573460165|+EMs3qEga/TPxjLVd7j3Dw==|6L1z447whhtxp7EZP6K+O/7Ylty+lEEPvwYkRlbJI3T4haUz|1uNT80n4CMABnH4tSSQPUQ=="
Set-Cookie: session_id=34ab8e5192fce50899cf6d678753a738bd560b5d
2019-11-11 08:16:06,717 oic.oic.provider:DEBUG End session request: {'id_token_hint': 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im1Fa2MxbFF5Z29VMTBqMk5sVUUtWVlCdjJ1b2FKMXhHLUZua0dxZlRsRzAifQ.eyJpc3MiOiAiaHR0cHM6Ly9uZXctcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbW9kX2F1dGhfb3BlbmlkYy1jb2RlL3JwLWZyb250Y2hhbm5lbC1ycGluaXRsb2dvdXQiLCAic3ViIjogIjFiMmZjOTM0MWExNmFlNGUzMDA4Mjk2NWQ1MzdhZTQ3YzIxYTBmMjdmZDQzZWFiNzgzMzBlZDgxNzUxYWU2ZGIiLCAiYXVkIjogWyJ4bTVyWlBLSUlLTlQiXSwgImV4cCI6IDE1NzM1NDY1NjUsICJhY3IiOiAiUEFTU1dPUkQiLCAiaWF0IjogMTU3MzQ2MDE2NSwgImF1dGhfdGltZSI6IDE1NzM0NjAxNjUsICJub25jZSI6ICItc2NJamZjMGJ1Q3ltV1cxVEhQUWpJVmhneXBtQTNPWk9iV2kxd0JpZ2lFIn0.YTJhQALK1rHmF5mrE9mO91G0yU5V4Y4CGRO-QGfakC4_ssP5DJHs0uVmeCDKcdLafFIDl5mfeCfQcUiaSLZiJFINslJsagGskxRAwqwEhZGvwJxFMmuXrpqwAAn75DeYGKoNIeOdIf8r2Dy5zkSvVCyfIymRLf0vx6P-7NOtvZwbPM6r0w0AQi_V68cA7hZmuJST4tDw8-Gz9loChMC86oPmIi9mAgy7ZHAUSPTXeGSjS7RAkiviNgtYBdGpmNTw8SjcDBUmHBjXVWIvGDHr1Dm04NC6Uxzn4RpuBnJ0WiA3IfR4l--IBqIF_onOn1WM22itsh92SUn12dSOv7cLLg'}
2019-11-11 08:16:06,718 cherrypy.error.140149147738744:ERROR [11/Nov/2019:08:16:06] HTTP
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 209, in decrypt_and_verify
return self.kernel.decrypt_and_verify(cipherdata, tag)
File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 339, in decrypt_and_verify
self.verify(mac_tag)
File "/usr/local/lib/python3.6/dist-packages/pycryptodomex-3.6.6-py3.6-linux-x86_64.egg/Cryptodome/Cipher/_mode_siv.py", line 255, in verify
raise ValueError("MAC check failed")
ValueError: MAC check failed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 459, in parse_cookie
cleartext = crypt.decrypt_and_verify(ciphertext, tag)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/aes.py", line 211, in decrypt_and_verify
raise AESError("Failed to verify data")
oic.utils.aes.AESError: Failed to verify data
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/lib/encoding.py", line 220, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/CherryPy-8.9.1-py3.6.egg/cherrypy/_cpdispatch.py", line 60, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/cp/op.py", line 362, in index
resp = op.end_session_endpoint(_info.to_urlencoded(), cookie=cookie)
File "/usr/local/lib/python3.6/dist-packages/oidctest-0.9.0-py3.6.egg/oidctest/rp/provider.py", line 650, in end_session_endpoint
**kwargs)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 2130, in end_session_endpoint
_, client_id, uid = self._get_uid_from_cookie(cookie)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/oic/provider.py", line 1976, in _get_uid_from_cookie
_cval = cookie_dealer.get_cookie_value(cookie, self.sso_cookie_name)
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 645, in get_cookie_value
cookie_name, self.srv.seed, cookie, self.srv.symkey
File "/usr/local/lib/python3.6/dist-packages/oic-1.1.1-py3.6.egg/oic/utils/http_util.py", line 461, in parse_cookie
raise InvalidCookieSign()
oic.utils.http_util.InvalidCookieSign
The configuration is wrong. Don't know why it wasn't carried over example_conf.py contains the line:
SEED = b"abcdefghijklmnop"
Doesn't appear in conf.py . Absolutely vital.