Topic on Extension talk:OpenID Connect

Redirect Loop - MediaWiki 1.39.10 - OpenID Connect 8.0.3

1
HadleySo (talkcontribs)

I'm experiencing a redirect loop after my SSO provider redirects to Special:PluggableAuthLogin. The OIDC SSO provider seems to be redirecting properly, its just OpenIDConnect redirecting Special:PluggableAuthLogin?state back to Special:PluggableAuthLogin.

Here are the debug logs:

Start request GET /wiki/Special:PluggableAuthLogin?state=07dbd59553fb0f9c8ebed8771d6aa47f&session_state=b56c1ea2-5975-4e66-876f-d1aadae65a89&iss=https%3A%2F%2Fsso.example.com&code=be5093f1-5273-4d74-913f-77b2eac806fe.b56c1ea2-5975-4e66-876f-d1aadae65a89.97d98546-6fa9-497c-af83-595c3af66152
IP: xxx
HTTP HEADERS:
PRIORITY: u=0, i
SEC-FETCH-USER: ?1
SEC-FETCH-SITE: none
SEC-FETCH-MODE: navigate
SEC-FETCH-DEST: document
UPGRADE-INSECURE-REQUESTS: 1
SEC-GPC: 1
DNT: 1
ACCEPT-ENCODING: br,gzip
TE: trailers
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-LANGUAGE: en-US,en;q=0.5
COOKIE: wiki_session=ua72ias8mb99gf6nht20c6q5e7vvv84j
CONNECTION: Keep-Alive
USER-AGENT: xxx
HOST: wiki.example.com
CONTENT-LENGTH: 
CONTENT-TYPE: 
(end headers)
[session] SessionManager using store APCUBagOStuff
[localisation] LocalisationCache using store LCStoreDB
[session] Session "ua72ias8mb99gf6nht20c6q5e7vvv84j" requested without UserID cookie
[SQLBagOStuff] MainObjectStash using store ReplicatedBagOStuff
[DBQuery] Wikimedia\Rdbms\DatabaseMysqlBase::open [0s] localhost: SET group_concat_max_len = 262144, `sql_mode` = 
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: request info {
    "IPAddress": "xxx",
    "UserAgent": "xxx",
    "ChronologyProtection": false,
    "ChronologyPositionIndex": 0,
    "ChronologyClientId": false
}
[DBReplication] ChronologyProtector using store APCUBagOStuff
[DBReplication] ChronologyProtector fetching positions for 2cadb52aa76dab2a339c763c86bd0b11
[DBReplication] Wikimedia\Rdbms\ChronologyProtector::applySessionReplicationPosition: DEFAULT (localhost) has no position
[DBConnection] Wikimedia\Rdbms\LoadBalancer::lazyLoadReplicationPositions: executed chronology callback.
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: opened new connection for local/0
[DBQuery] Wikimedia\Rdbms\DatabaseMysqlBase::serverIsReadOnly [0s] localhost: SELECT @@GLOBAL.read_only AS Value
[DBQuery] Wikimedia\Rdbms\Database::beginIfImplied (LCStoreDB::get) [0s] localhost: BEGIN
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'deps'  LIMIT 1  
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'list'  LIMIT 1  
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'preload'  LIMIT 1  
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'preload'  LIMIT 1  
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'specialPageAliases'  LIMIT 1  
[DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
[DBQuery] LCStoreDB::get [0s] localhost: SELECT  lc_value  FROM `my_wiki_l10n_cache`    WHERE lc_lang = 'en' AND lc_key = 'namespaceGenderAliases'  LIMIT 1  
ContextSource::getContext (MediaWiki\Skins\Vector\SkinVector22): called and $context is null. Using RequestContext::getMain()
[MessageCache] MessageCache using store APCUBagOStuff
[MessageCache] MessageCache::loadUnguarded: Loading en... local cache is empty, got from global cache
[PluggableAuth] In execute()
[PluggableAuth] Getting PluggableAuth instance
[PluggableAuth] Plugin name: OpenIDConnect
[OpenIDConnect] Redirect URL: https://wiki.example.com/wiki/Special:PluggableAuthLogin
[session] SessionBackend "ua72ias8mb99gf6nht20c6q5e7vvv84j" data dirty due to dirty(): Jumbojett\OpenIDConnectClient->commitSession/session_write_close/MediaWiki\Session\PHPSessionHandler->write/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "ua72ias8mb99gf6nht20c6q5e7vvv84j" data dirty due to dirty(): Jumbojett\OpenIDConnectClient->commitSession/session_write_close/MediaWiki\Session\PHPSessionHandler->write/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "ua72ias8mb99gf6nht20c6q5e7vvv84j" save: dataDirty=1 metaDirty=0 forcePersist=0
[session] Saving all sessions on shutdown
Reply to "Redirect Loop - MediaWiki 1.39.10 - OpenID Connect 8.0.3"