Internal Server Error happens with release 2.4.15.5 and timed out sessions #1200

Closed
zandbelt opened this issue Mar 14, 2024 Discussed in #1197 · 2 comments

@zandbelt
Member

Discussed in #1197

Originally posted by HolgerHees March 14, 2024
After updating to version 2.4.15.3 and 2.4.15.5 I got a 500 after 1 hour of inactivity until I delete my cookies, followed by a relogin. The first time I saw it was directly after updating to 2.4.15.3, but it is still reproducible with the latest version, 2.4.15.5.

I opened my browser after 12 hours and everything was fine. I had to log in again. Then I kept my browser window open for an hour, without any interaction, and got this error after a page reload. The one hour is related to my OIDCSessionInactivityTimeout setting.

These are the Apache error logs

```
[2024-03-14 08:46:42.519687] [auth_openidc:error] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error" entry with value: ""invalid_request""
[2024-03-14 08:46:42.519751] [auth_openidc:error] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error_description" entry with value: ""Invalid Credentials""
[2024-03-14 08:46:42.519771] [auth_openidc:warn] oidc_refresh_token_grant: refresh token routine called but no refresh_token found in the session
[2024-03-14 08:46:42.519812] [auth_openidc:error] oidc_userinfo_retrieve_claims: refreshing access token failed, claims will not be retrieved/refreshed from the userinfo endpoint
```

and this is my configuration


```
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <MYID>.apps.googleusercontent.com
OIDCClientSecret <MYSECRET>

OIDCCryptoPassphrase <MYCRYPTOPASSPHRASE>

OIDCScope "openid email profile"
OIDCRemoteUserClaim email

OIDCPassClaimsAs environment

OIDCCookie session_openidc
OIDCCookieDomain <MYDOMAIN>

OIDCDefaultURL https://<MYDOMAIN>/_auth/invalid/
OIDCRedirectURI https://<MYDOMAIN>/redirect_uri

OIDCSessionInactivityTimeout 3600
OIDCSessionMaxDuration 86400

OIDCStateMaxNumberOfCookies 10 true

OIDCCookieSameSite Off
```

@thePaulBurger

How was this resolved? I am also getting an internal server error.

@zandbelt
Member Author

use >= 2.4.15.7
