ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

Forbidden - CSRF token invalid #10

Closed alsifius closed 6 years ago

alsifius commented 6 years ago

Any attempt to move beyond the initial login page produces this error. Beyond help with the error, a log file describing the problem and pointing to possible resolutions would be a big help.

aebruno commented 6 years ago

Did you recently upgrade mokey? Try clearing out your browser cookies (or at least the cookies for mokey) and then re-logging in. The more recent versions had changes to the way cookies were stored.

rudgab commented 6 years ago

I'm having the same problems. This:

level=error msg="logouthandler: failed to save session" error="securecookie: error - caused by: crypto/aes: invalid key size 29"

occurs in the log. Maybe it is related to the AES size in Java, but my mokey.yaml is set to:

```yaml
#------------------------------------------------------------------------------
# Authentication key used for HMAC token signing and secure cookies
#------------------------------------------------------------------------------
auth_key: "32 or 64 bytes random key"

#------------------------------------------------------------------------------
# Encryption key used for encrypting cookies
#------------------------------------------------------------------------------
enc_key: "16, 24, or 32 byte random key"
```

Don't know what to do, any idea?

aebruno commented 6 years ago

You need to change those values. They are just defaults. For example:

enc_key: "2dc2aadf63c392585eef7289709932ca"

DO NOT actually use the above. It is just an example. Need to generate your own random key of either 16, 24, or 32 bytes.
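
Added example, not part of the thread and not mokey's own code: the placeholder `enc_key` string is 29 characters long, which matches the logged `invalid key size 29`. The Go sketch below checks candidate values and generates replacements, assuming the configured strings are used byte for byte as keys; the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// checkEncKey tests s, byte for byte, as an AES key (16, 24 or 32 bytes).
// Assumption: mokey hands the enc_key string to crypto/aes unchanged, which
// is what the logged "invalid key size 29" suggests.
func checkEncKey(s string) error {
	_, err := aes.NewCipher([]byte(s))
	return err
}

// checkAuthKey applies the 32-or-64-byte rule from the config comment.
func checkAuthKey(s string) error {
	if n := len(s); n != 32 && n != 64 {
		return fmt.Errorf("auth_key: invalid key size %d", n)
	}
	return nil
}

// newKeyString returns n hex characters drawn from the OS CSPRNG. Used
// directly as a key the string is n bytes long but holds 4*n bits of entropy.
func newKeyString(n int) (string, error) {
	if n <= 0 || n%2 != 0 {
		return "", fmt.Errorf("length must be positive and even, got %d", n)
	}
	raw := make([]byte, n/2)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return hex.EncodeToString(raw), nil
}

func main() {
	// The sample-config placeholder is 29 characters long, so AES rejects it.
	fmt.Println(checkEncKey("16, 24, or 32 byte random key"))
	auth, err1 := newKeyString(64)
	enc, err2 := newKeyString(32)
	if err1 != nil || err2 != nil {
		panic("CSPRNG read failed")
	}
	fmt.Printf("auth_key: %q\nenc_key: %q\n", auth, enc)
	fmt.Println(checkAuthKey(auth), checkEncKey(enc))
}
```

Because the key strings are hex text, a 32-character `enc_key` selects AES-256 but carries 128 bits of randomness.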

rudgab commented 6 years ago

Thanks, that made the error go away.

Unfortunately I can only login with admin, any user is forbidden by: IPA login failed with HTTP status code: 401" uid=… even when I reset a new password to the user.

Regards,

Rudi Gabler


aebruno commented 6 years ago

> Unfortunately I can only login with admin, any user is forbidden by

Did you set up a role in FreeIPA for mokey? See around the third paragraph of the install file:

https://github.com/ubccr/mokey#install

rudgab commented 6 years ago

Hi,

yes I did this. It has something to do with the users. When I remove the user and recreate it, it works. At least this is a workaround.

Regards,

Rudi Gabler
