Integration of Authentication provider not possible #207

Closed
iseeberg79 opened this issue Dec 13, 2023 · 3 comments

iseeberg79 commented Dec 13, 2023

Hello,
I need some help to integrate a SAML IdP. I am probably stuck at errors because of the auth_state table not returning results. I already tried several configurations and IdPs but was not successful.

Browser error is 502, bad gateway - as a result of process errors like these:

seatsurfing-db-1 | 2023-12-13 12:45:43.221 UTC [33] ERROR: invalid input syntax for type uuid: ""
seatsurfing-db-1 | 2023-12-13 12:45:43.221 UTC [33] STATEMENT: SELECT id, auth_provider_id, expiry, auth_state_type, payload FROM auth_states WHERE id = $1
seatsurfing-server-1 | 2023/12/13 12:45:43 state not found for id

seatsurfing-server-1 | 2023/12/13 12:45:43 http: panic serving 172.18.0.5:36644: runtime error: invalid memory address or nil pointer dereference
seatsurfing-server-1 | goroutine 2752 [running]:
seatsurfing-server-1 | net/http.(*conn).serve.func1()
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:1868 +0xb9
seatsurfing-server-1 | panic({0x786900?, 0xac70f0?})
seatsurfing-server-1 | /usr/local/go/src/runtime/panic.go:920 +0x270
seatsurfing-server-1 | main.(*AuthRouter).callback(0x7?, {0x895290, 0xc0000dc380}, 0x7f50e6?)
seatsurfing-server-1 | /go/src/app/server/auth-router.go:410 +0x191
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0x412750?, {0x895290?, 0xc0000dc380?}, 0x7f5c24765f18?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | main.VerifyAuthMiddleware.func3({0x895290, 0xc0000dc380}, 0xc0002ee900)
seatsurfing-server-1 | /go/src/app/server/routes.go:198 +0x362
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0x895290?, {0x895290?, 0xc0000dc380?}, 0x895c78?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | main.CorsMiddleware.func1({0x895290, 0xc0000dc380}, 0xc00032bc50?)
seatsurfing-server-1 | /go/src/app/server/routes.go:139 +0x56
seatsurfing-server-1 | net/http.HandlerFunc.ServeHTTP(0xc0002ee800?, {0x895290?, 0xc0000dc380?}, 0x7f5bddbb9cb8?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2136 +0x29
seatsurfing-server-1 | github.com/gorilla/mux.(*Router).ServeHTTP(0xc000000300, {0x895290, 0xc0000dc380}, 0xc0002ee700)
seatsurfing-server-1 | /go/pkg/mod/github.com/gorilla/mux@v1.8.0/mux.go:210 +0x1c5
seatsurfing-server-1 | net/http.serverHandler.ServeHTTP({0xc00032b9b0?}, {0x895290?, 0xc0000dc380?}, 0x6?)
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2938 +0x8e
seatsurfing-server-1 | net/http.(*conn).serve(0xc00013e990, {0x895c78, 0xc0004121b0})
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:2009 +0x5f4
seatsurfing-server-1 | created by net/http.(*Server).Serve in goroutine 35
seatsurfing-server-1 | /usr/local/go/src/net/http/server.go:3086 +0x5cb

Please provide some help. From my point of view, inspecting the browser cookies, the authentication results are OK. Either there is a problem with the auth_state id, which is returned when doing an SQL query manually on the table - or probably with the user profile URL?

Configuration for the authentication provider (ADFS instead of Azure, but Azure and Keycloak with same results) is:

auth: https://auth.xxx.yyy/adfs/oauth2/authorize
token: https://auth.xxx.yyy/adfs/oauth2/token
userinfo: https://auth.xxx.yyy/adfs/userinfo

Thank you for your help.

kind regards,
Ingo

@ALZ-SteffenE

For us this is also not working with Google OAuth.
Same error message: 502, bad gateway


iseeberg79 commented Dec 18, 2023

Hello, solved here by modification of the reverse proxy redirection rules. Root cause was that the query parameters were not forwarded. I was not able to get ADFS working because of a missing proper return value from the userinfo service. By design it's not working for ADFS services, as email is not part of the token returned. Keycloak and other IdPs (Azure, Google) have different behaviour. Finally it's working using Keycloak as IdP.
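
The trace above shows the failure chain a dropped query string produces: the callback handler takes an empty `state`, the database rejects `""` as a uuid, the lookup logs "state not found for id", and the handler then dereferences the nil row and panics, which the reverse proxy surfaces as a 502. The following Go program is an added example of the defensive shape such a callback should have; it is not Seatsurfing's code, and the `AuthState` struct, the in-memory `StateStore`, the handler name and the sample UUID are all assumptions made for the demonstration. The point is that every rejection path returns a 4xx to the client before any nil pointer can be touched, and that a missing `state`/`code` pair is reported explicitly as a likely proxy misconfiguration rather than as a database error.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
	"time"
)

// AuthState mirrors the columns of the auth_states table named in the log
// (id, auth_provider_id, expiry, payload); the struct itself is an assumption.
type AuthState struct {
	ID             string
	AuthProviderID string
	Expiry         time.Time
	Payload        string
}

// ErrStateNotFound is returned for an id that has no row.
var ErrStateNotFound = errors.New("state not found for id")

// StateStore is an in-memory stand-in for the database (constructed for this example).
type StateStore struct {
	states map[string]*AuthState
}

// Get never returns a nil row together with a nil error.
func (s *StateStore) Get(id string) (*AuthState, error) {
	if st, ok := s.states[id]; ok {
		return st, nil
	}
	return nil, ErrStateNotFound
}

// uuidRe accepts only the canonical 8-4-4-4-12 hex form, so a value that would
// trip Postgres' "invalid input syntax for type uuid" never reaches the query.
var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)

// validateCallback runs every check that must pass before the row is used and
// returns the HTTP status to answer with; any rejection comes with a non-nil error.
func validateCallback(q url.Values, store *StateStore, now time.Time) (*AuthState, int, error) {
	state := strings.ToLower(strings.TrimSpace(q.Get("state")))
	code := q.Get("code")
	if state == "" || code == "" {
		// The symptom from the issue: a proxy that strips the query string
		// delivers an empty state and an empty code.
		return nil, http.StatusBadRequest, errors.New("missing state or code query parameter (is the reverse proxy forwarding the query string?)")
	}
	if !uuidRe.MatchString(state) {
		return nil, http.StatusBadRequest, errors.New("state is not a UUID")
	}
	st, err := store.Get(state)
	if err != nil {
		return nil, http.StatusBadRequest, err
	}
	if now.After(st.Expiry) {
		return nil, http.StatusBadRequest, errors.New("state expired")
	}
	return st, http.StatusOK, nil
}

// callbackHandler rejects early with a 4xx instead of panicking into a 502.
func callbackHandler(store *StateStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		st, status, err := validateCallback(r.URL.Query(), store, time.Now())
		if err != nil {
			log.Printf("callback rejected from %s: %v", r.RemoteAddr, err)
			http.Error(w, "invalid login callback", status)
			return
		}
		// The authorization-code exchange with the IdP's token endpoint would follow here.
		fmt.Fprintf(w, "callback accepted for provider %s\n", st.AuthProviderID)
	}
}

func main() {
	const id = "3f7a1c2e-5b4d-4e8f-9a6b-0c1d2e3f4a5b" // constructed sample state id
	store := &StateStore{states: map[string]*AuthState{
		id: {ID: id, AuthProviderID: "keycloak", Expiry: time.Now().Add(5 * time.Minute)},
	}}
	srv := httptest.NewServer(callbackHandler(store))
	defer srv.Close()

	// Query string stripped by the proxy, garbage state, and a valid state.
	for _, path := range []string{"/callback", "/callback?state=not-a-uuid&code=x", "/callback?state=" + id + "&code=x"} {
		resp, err := http.Get(srv.URL + path)
		if err != nil {
			log.Fatal(err)
		}
		resp.Body.Close()
		fmt.Printf("%-60s -> %d\n", path, resp.StatusCode)
	}
}
```

A quick way to confirm the proxy side of the fix is to request the callback path through the proxy with a dummy `?state=x&code=y` and compare what the backend logs against what was sent; if the backend sees no query string, the proxy rule is rewriting the URI without preserving it, which is the root cause reported in this thread.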

@iseeberg79

solved

@iseeberg79 iseeberg79 changed the title Integration of Authenticaton provider not possible Integration of Authentication provider not possible Dec 19, 2023