Unable to receive JWT token request from apache2 server

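I am using OPENIDC to protect a URL. mod_auth_openidc is installed on my Apache server. After the user is authenticated, I have an approve button which, when clicked, sends a response with the authorization code and state back to my Apache. As soon as that response tries to hit Apache, it sends back the OIDCDefault URL (302 status) instead of my token endpoint.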

    [Tue Feb 02 15:35:12.595122 2021] [authz_core:debug] [pid 7525] mod_authz_core.c(809): [client 192.168.20.122:43466] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer:
    [Tue Feb 02 15:35:12.595217 2021] [authz_core:debug] [pid 7525] mod_authz_core.c(809): [client 192.168.20.122:43466] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer:
    [Tue Feb 02 15:35:12.595256 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(4005): [client 192.168.20.122:43466] oidc_check_user_id: incoming request: "/getbookingdata/secure?state=Y53fk4txWTuXfZOdW0VKLCP-I_M&code=3e36705476b64317876a24b22370d9f1", ap_is_initial_req(r)=1, referer: https:
    [Tue Feb 02 15:35:12.595282 2021] [auth_openidc:debug] [pid 7525] src/util.c(1062): [client 192.168.20.122:43466] oidc_util_get_cookie: returning "mod_auth_openidc_session" = <null>,
    [Tue Feb 02 15:35:12.595296 2021] [auth_openidc:debug] [pid 7525] src/util.c(1224): [client 192.168.20.122:43466] oidc_util_request_matches_url: comparing "/getbookingdata/secure"=="/getbookingdata/secure", referer:
    [Tue Feb 02 15:35:12.595312 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(2225): [client 192.168.20.122:43466] oidc_handle_redirect_authorization_response: enter, referer:
    [Tue Feb 02 15:35:12.595411 2021] [auth_openidc:debug] [pid 7525] src/util.c(1548): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: read: state=Y53fk4txWTuXfZOdW0VKLCP-I_M, referer:
    [Tue Feb 02 15:35:12.595436 2021] [auth_openidc:debug] [pid 7525] src/util.c(1548): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: read: code=3e36705476b64317876a24b22370d9f1, referer:
    [Tue Feb 02 15:35:12.595448 2021] [auth_openidc:debug] [pid 7525] src/util.c(1553): [client 192.168.20.122:43466] oidc_util_read_form_encoded_params: parsed: 71 bytes into 2 elements, referer:
    [Tue Feb 02 15:35:12.595458 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(2049): [client 192.168.20.122:43466] oidc_handle_authorization_response: enter, response_mode=query, referer:
    [Tue Feb 02 15:35:12.595484 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(1680): [client 192.168.20.122:43466] oidc_authorization_response_match_state: enter (state=Y53fk4txWTuXfZOdW0VKLCP-I_M), referer:
    [Tue Feb 02 15:35:12.595493 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(817): [client 192.168.20.122:43466] oidc_restore_proto_state: enter,
    [Tue Feb 02 15:35:12.595510 2021] [auth_openidc:debug] [pid 7525] src/util.c(1062): [client 192.168.20.122:43466] oidc_util_get_cookie: returning "mod_auth_openidc_state_Y53fk4txWTuXfZOdW0VKLCP-I_M" = <null>, referer:
    [Tue Feb 02 15:35:12.595520 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_restore_proto_state: no "mod_auth_openidc_state_Y53fk4txWTuXfZOdW0VKLCP-I_M" state cookie found, referer:
    [Tue Feb 02 15:35:12.595530 2021] [auth_openidc:warn] [pid 7525] [client 192.168.20.122:43466] oidc_proto_peek_jwt_header: could not parse first element separated by "." from input,
    [Tue Feb 02 15:35:12.595539 2021] [auth_openidc:debug] [pid 7525] src/mod_auth_openidc.c(544): [client 192.168.20.122:43466] oidc_unsolicited_proto_state: enter: state header=(null),
    [Tue Feb 02 15:35:12.595571 2021] [auth_openidc:debug] [pid 7525] src/util.c(2120): [client 192.168.20.122:43466] oidc_util_create_symmetric_key: key_len=32, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595632 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose.c:809: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 781], referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595643 2021] [auth_openidc:error] [pid 7525] [client 192.168.20.122:43466] oidc_authorization_response_match_state: unable to restore state, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595652 2021] [auth_openidc:warn] [pid 7525] [client 192.168.20.122:43466] oidc_handle_authorization_response: invalid authorization response state; a default SSO URL is set, sending the user there: https://identityprovider.com:8016/login, referer: https://identityprovider.com:8016/
    [Tue Feb 02 15:35:12.595661 2021] [auth_openidc:debug] [pid 7525] src/util.c(2391): [client 192.168.20.122:43466] oidc_util_hdr_table_set: Location: https://identityprovider.com:8016/login, referer: https://identityprovider.com:8016/

The above are the debug logs from Apache.

Configuration from the aut_mod_openidc.conf file:

    OIDCProviderMetadataURL https://sp1.com:8014
    OIDCClientID    12345
    OIDCClientSecret        6789
    OIDCCryptoPassphrase    bel@123
    OIDCStateTimeout        60
    OIDCResponseType        code
    OIDCScope       "openid email profile"
    OIDCProviderTokenEndpointAuth   client_secret_basic
    OIDCSessionMaxDuration  86400
    OIDCSSLValidateServer Off
    OIDCCookiePath  /
    OIDCCookie      mod_auth_openidc_session
    OIDCDefaultURL  https://identityprovider.com:8016/login
    OIDCCacheEncrypt        On
    #OIDCProviderAuthRequestMethod  GET
    OIDCRemoteUserClaim     preferred_username
    OIDCProviderJwksUri     https://identityprovider.com:8016
    OIDCCacheType   file
    OIDCCacheDir    /var/cache/apache2/mod_auth_openidc/cache
    OIDCCacheFileCleanInterval      60
    OIDCSessionInactivityTimeout    5000
    OIDCRemoteUserClaim     upn

What could be the cause of my problem?
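One way to triage callbacks like the one in the log above, added here as an example and not part of the original question: the script pairs each authorization response (a request carrying `state` and `code`) with the module's lookup of the matching `mod_auth_openidc_state_<state>` cookie and reports whether the request fell through to the default SSO URL. The function name `triage` and client B's log lines are constructed; client A's lines are condensed from the question's log.

```python
import re
from urllib.parse import parse_qs

# Patterns for mod_auth_openidc debug lines of the shape shown in the log above.
ENTRY = re.compile(r'\[pid (?P<pid>\d+)\].*?\[client (?P<client>[^\]]+)\] (?P<msg>.*)')
INCOMING = re.compile(r'oidc_check_user_id: incoming request: "[^"?]*\?(?P<query>[^"]*)"')
COOKIE = re.compile(r'oidc_util_get_cookie: returning "mod_auth_openidc_state_(?P<state>[^"]+)" = (?P<val>.+)')
FALLBACK = re.compile(r'a default SSO URL is set, sending the user there: (?P<url>[^\s,]+)')

def triage(log_text):
    """Return one record per authorization response (request with state and code)."""
    pending, results = {}, []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        key, msg = (entry["pid"], entry["client"]), entry["msg"]
        if (inc := INCOMING.search(msg)):
            params = parse_qs(inc["query"])
            if "state" in params and "code" in params:
                # The code is a credential, so it is deliberately not recorded.
                rec = {"client": entry["client"], "state": params["state"][0],
                       "state_cookie": None, "fallback_url": None}
                pending[key] = rec
                results.append(rec)
            continue
        rec = pending.get(key)
        if rec is None:
            continue
        if (ck := COOKIE.search(msg)) and ck["state"] == rec["state"]:
            rec["state_cookie"] = not ck["val"].startswith("<null>")
        elif (fb := FALLBACK.search(msg)):
            rec["fallback_url"] = fb["url"]
    return results

# Constructed sample. Client A's lines are condensed from the log above;
# client B (address, state, code, cookie value) is made up for contrast.
A = "[auth_openidc:debug] [pid 7525] [client 192.168.20.122:43466] "
B = "[auth_openidc:debug] [pid 7526] [client 192.0.2.10:50000] "
SAMPLE_LOG = "\n".join([
    A + 'oidc_check_user_id: incoming request: "/getbookingdata/secure?state=Y53fk4txWTuXfZOdW0VKLCP-I_M&code=3e36705476b64317876a24b22370d9f1", ap_is_initial_req(r)=1',
    B + 'oidc_check_user_id: incoming request: "/getbookingdata/secure?state=CONSTRUCTEDSTATE&code=CONSTRUCTEDCODE", ap_is_initial_req(r)=1',
    A + 'oidc_util_get_cookie: returning "mod_auth_openidc_state_Y53fk4txWTuXfZOdW0VKLCP-I_M" = <null>, referer: ',
    B + 'oidc_util_get_cookie: returning "mod_auth_openidc_state_CONSTRUCTEDSTATE" = "CONSTRUCTEDVALUE"',
    A + 'oidc_handle_authorization_response: invalid authorization response state; a default SSO URL is set, sending the user there: https://identityprovider.com:8016/login, referer: https://identityprovider.com:8016/',
])

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```

A record with `state_cookie` set to `False` and a non-empty `fallback_url` is the pattern in the question's log: the callback arrived without the state cookie that was issued for that `state` value.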
