OIDC with Authelia: Internal Server Error: The state is missing or does not have enough characters... #7496

Open
castaf opened this issue Dec 17, 2024 · 0 comments

castaf commented Dec 17, 2024

I added the configuration for OpenID Connect. The Account service starts OK. On the front end I have the "Continue with OpenId" button.
Account service log:

Logging also into console development true
{"level":"info","message":"####################################################################################################################","timestamp":"2024-12-12T16:58:58.515Z"}
{"level":"info","message":"########################SplitLogger account initialized: 2024-12-12T16:58:58.515Z###########################","timestamp":"2024-12-12T16:58:58.515Z"}
Starting account service with brandings:  {}
server started on port 3000
{"issuer":{"authorization_endpoint":"https://authelia.waadoo.net/api/oidc/authorization","backchannel_logout_session_supported":false,"backchannel_logout_supported":false,"claim_types_supported":["normal"],"claims_parameter_supported":false,"claims_supported":["amr","aud","azp","client_id","exp","iat","iss","jti","rat","sub","auth_time","nonce","email","email_verified","alt_emails","groups","preferred_username","name"],"code_challenge_methods_supported":["S256"],"frontchannel_logout_session_supported":false,"frontchannel_logout_supported":false,"grant_types_supported":["authorization_code","implicit"],"id_token_signing_alg_values_supported":["RS256"],"introspection_endpoint":"https://authelia.waadoo.net/api/oidc/introspection","introspection_endpoint_auth_methods_supported":["client_secret_basic"],"issuer":"https://authelia.waadoo.net","jwks_uri":"https://authelia.waadoo.net/jwks.json","request_object_signing_alg_values_supported":["none","RS256"],"request_parameter_supported":false,"request_uri_parameter_supported":false,"require_pushed_authorization_requests":false,"require_request_uri_registration":false,"response_modes_supported":["form_post","query","fragment"],"response_types_supported":["code","token","id_token","code token","code id_token","token id_token","code token id_token","none"],"revocation_endpoint":"https://authelia.waadoo.net/api/oidc/revocation","revocation_endpoint_auth_methods_supported":["client_secret_basic"],"scopes_supported":["offline_access","openid","profile","groups","email"],"subject_types_supported":["public"],"token_endpoint":"https://authelia.waadoo.net/api/oidc/token","token_endpoint_auth_methods_supported":["client_secret_basic"],"userinfo_endpoint":"https://authelia.waadoo.net/api/oidc/userinfo","userinfo_signing_alg_values_supported":["none","RS256"]},"level":"info","message":"Discovered issuer","timestamp":"2024-12-12T16:58:58.600Z"}
{"level":"info","message":"Created OIDC client","timestamp":"2024-12-12T16:58:58.601Z"}
{"level":"info","message":"Registered OIDC strategy","timestamp":"2024-12-12T16:58:58.602Z"}
{"level":"info","message":"try auth via","provider":"openid","timestamp":"2024-12-12T16:59:53.287Z"}

When I click on the "Continue with OpenId" button, I am correctly redirected to my IdP, Authelia, but I am instantly redirected back to the Huly account service with an HTTP 500 error and an error from Authelia:

level=error msg="Authorization Request failed with error: The state is missing or does not have enough characters and is therefore considered too weak. Request parameter 'state' must be at least be 8 characters long to ensure sufficient entropy."

Indeed, the request GET parameters of the first redirection on Authelia are the following:

scheme
	https
host
	account.huly.waadoo.net
filename
	/auth/openid/callback
error
	invalid_state
error_description
	The state is missing or does not have enough characters and is therefore considered too weak. Request parameter 'state' must be at least be 8 characters long to ensure sufficient entropy.
state
	%7B%7D

Indeed, the state parameter length is less than 8 characters. Also, there is no nonce parameter sent.

In my browser's console, I see the log "loaded branding {}". The branding object is empty; maybe that is the problem, since the state parameter is forged from the branding.

Environment:

huly version: v0.6.389
Firefox: 133.0.3

Huly®: UBERF-8964
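
The failure reported above, next to one way to build a `state` that still carries UI context but always clears the provider's length check and is bound to the browser session. This is an added example, not part of the original issue and not Huly's code; `weakState`, `buildState`, `verifyState`, `meetsMinimum` and the `session` object are hypothetical names.

```javascript
// Added example. All function names and the session shape are assumptions.
// Works as CommonJS or ESM: the require() fallback only runs on older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const MIN_STATE_LEN = 8; // minimum quoted in the Authelia error on this page

// Pattern the report points at: state is only the serialized UI context.
function weakState(branding) {
  return JSON.stringify(branding); // {} -> "{}" (2 chars), sent as %7B%7D
}

// Hardened: a random per-request value plus the context, base64url-encoded.
function buildState(session, context) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  const rnd = Buffer.from(bytes).toString('base64url'); // 22 characters
  session.oidcState = rnd; // kept server-side, tied to this browser session
  return Buffer.from(JSON.stringify({ rnd, ctx: context })).toString('base64url');
}

// Callback side: consume the stored value (single use), decode, compare.
function verifyState(session, state) {
  const expected = session.oidcState;
  delete session.oidcState;
  if (!expected || typeof state !== 'string') return null;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(state, 'base64url').toString('utf8'));
  } catch {
    return null; // not something this service issued
  }
  if (!parsed || parsed.rnd !== expected) return null;
  return parsed.ctx ?? {};
}

// The length rule from the error message, checked before redirecting.
function meetsMinimum(state) {
  return typeof state === 'string' && state.length >= MIN_STATE_LEN;
}
```

With an empty context the hardened value is still dozens of characters long, so an empty branding object no longer decides whether the authorization request is accepted.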
