authenticating to Gluu auth server and retrieving user info after successful login #61

popefinn · 2019-01-29T17:07:15Z

I'm using vouch-proxy to connect to a Gluu auth server using the following config:

# vouch config
# bare minimum to get vouch running with OpenID Connect (such as okta)

vouch:
  # domains:
  # valid domains that the jwt cookies can be set into
  # the callback_urls will be to these domains
  # domains:
  #- magnitudesurveys.com
  #- magnitudesurveys.co.uk

  logLevel: debug

  # - OR -
  # instead of setting specific domains you may prefer to allow all users...
  # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider
  allowAllUsers: true

testing: true

cookie:
  name: MSVouchCookie
  domain: magnitudesurveys.com
  secure: true
  httpOnly: true

oauth:
  # Generic OpenID Connect
  # including okta
  provider: oidc
  client_id: "@!XXXXXXXXXXXXX"
  client_secret: "XXXXXXXXXXXXX"
  auth_url: "https://sso.magnitudesurveys.com/oxauth/restv1/authorize"
  token_url: "https://sso.magnitudesurveys.com/oxauth/restv1/token"
  user_info_urls: "https://sso.magnitudesurveys.com/oxauth/restv1/userinfo"
  scopes:
    - email
    - openid
  callback_url: "https://login.magnitudesurveys.com/auth"

I'm getting the following error:

DEBU[0007] /auth
ERRO[0007] Get : unsupported protocol scheme ""

after logging in at gluu

The text was updated successfully, but these errors were encountered:

bnfinet · 2019-01-29T18:44:09Z

hmm, that doesn't appear to be an Error in the Vouch Proxy code base. I'm guessing it's generated during the request for User info from Gluu. Aha!.. Looks like `user_info_urls` should be `user_info_url` in your config I'm uncertain of the user info that Gluu auth server would return, but I'm hopeful. Please do let us know if you get Vouch Proxy working with Gluu.

…

On Tue, Jan 29, 2019 at 9:07 AM popefinn ***@***.***> wrote: I'm using vouch-proxy to connect to a Gluu auth server using the following config: # vouch config # bare minimum to get vouch running with OpenID Connect (such as okta) vouch: # domains: # valid domains that the jwt cookies can be set into # the callback_urls will be to these domains # domains: #- magnitudesurveys.com #- magnitudesurveys.co.uk logLevel: debug # - OR - # instead of setting specific domains you may prefer to allow all users... # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider allowAllUsers: true testing: true cookie: name: MSVouchCookie domain: magnitudesurveys.com secure: true httpOnly: true oauth: # Generic OpenID Connect # including okta provider: oidc client_id: "@!30EB.0CC0.85AF.9406!0001!1CA3.2DC9!0008!6C98.0808.861E.9697" client_secret: "8burIdoiclhvBOhq4IufF142" auth_url: "https://sso.magnitudesurveys.com/oxauth/restv1/authorize" token_url: "https://sso.magnitudesurveys.com/oxauth/restv1/token" user_info_urls: "https://sso.magnitudesurveys.com/oxauth/restv1/userinfo" scopes: - email - openid callback_url: "https://login.magnitudesurveys.com/auth" I'm getting the following error: DEBU[0007] /auth ERRO[0007] Get : unsupported protocol scheme "" after logging in at gluu — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#61>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABNK62lYgF2zHJih6FlXMqRAEtpbic9zks5vIH_DgaJpZM4aYgp_> .

popefinn · 2019-01-29T21:26:02Z

Ahh, the plural issue solved that problem:

Now i'm onto the next issue.

Login works and vouch returns 302 (and /validate returns 200 OK)

Then a 'too many redirects' chrome occurs, this is followed by:

oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

vouch-proxy log is:
DEBU[0000] logLevel set to debug INFO[0000] jwt.secret read from config/secret WARN[0000] generating random session.key INFO[0000] configuring oidc OAuth with Endpoint https://sso.magnitudesurveys.com/oxauth/restv1/authorize DEBU[0000] vouch.jwt.secret is 44 characters long DEBU[0000] vouch.session.key is 44 characters long DEBU[0000] checking availability of tcp port: 0.0.0.0:9090 DEBU[0000] map[jwt:map[secret:zCQtmVvXjitS7jFp7CI3PYsLxZ8EXdtmDBkV1lQAfAyK7cNAdJd6B6cWTzXebWH maxage:3600] vouch:map[allowallusers:true loglevel:debug] oauth:map[auth_url:https://sso.magnitudesurveys.com/oxauth/restv1/authorize token_url:https://sso.magnitudesurveys.com/oxauth/restv1/token user_info_url:https://sso.magnitudesurveys.com/oxauth/restv1/userinfo callback_url:https://login.magnitudesurveys.com/auth scopes:[email openid] provider:oidc client_id:@!30EB.0CC0.85AF.9406!0001!1CA3.2DC9!0008!6C98.0808.861E.9697 client_secret:8burIdoiclhvBOhq4IufF142]] INFO[0000] starting Vouch branch=undefined buildhost=undefined buildtime=undefined listen="0.0.0.0:9090" semver=undefined version=undefined DEBU[0000] serving static files from /static DEBU[0009] Request received : &{GET /validate HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; mediawiki_session=i55rtf652f6483b6ldtv6fkv75f8u376] Connection:[close]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40818 /validate <nil> <nil> <nil> 0xc00014ac90} DEBU[0009] /validate ERRO[0009] no jwt found in request DEBU[0009] CaptureWriter.WriteHeader set w.StatusCode 401 DEBU[0009] Request handled successfully: 401 INFO[0009] | 401 | 103.72µs /validate avgLatency=" 103.72µs" host=login.magnitudesurveys.com ipPort="127.0.0.1:40818" latency=" 103.72µs" method=GET path=/validate referer= request=1 statusCode=401 DEBU[0009] Request received : &{GET /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTOXVLDIBRA4R05zV81jxptvGiT2lggvDhwUy00NIzRobD6TjZwzncM5KRq1K0mcIiQNBpmuOwLrGANZ8dpRcq7YyAJpjQou_kTHazB9v9Yl150iek5WQlOHhXbXJQdVwPbj5jRMFhaYCiMCkUiwxJt3FDTCMYp3nkt-MmDma7N50fePr9ctwaz94o4zLYLhqmMGrnMf5_Sio-v7MHu5Nucf3dtOaGMh6_o53M6eX9P83LHftLY3wIAAP__cODolM0AAAA=; VouchSession=MTU0ODc5Njg3N3xEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzUVVOUFJuRlRZa05YYUZoNFNsSXpUblJLV0dORk0wOXZZbkZNVW1ob2NtNUxURTVGY0VobU1qVkhaejBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUFCbk4wY21sdVp3d2xBQ05vZEhSd2N6b3ZMM0J5YjNoNUxtMWhaMjVwZEhWa1pYTjFjblpsZVhNdVkyOXRMd05wYm5RRUFnQUF8lthtFfH6SL0VOjtkOAnqUh3XRMRM3R41Vr783xTaCBc=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40820 /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc000140c30} DEBU[0009] /login ERRO[0009] securecookie: the value is not valid DEBU[0009] session state set to vQPDyOyMa5TEsi9RtR26LD6tj20ZBU8bPA273FsOn5Q= DEBU[0009] session requestedURL set to https://proxy.magnitudesurveys.com/ DEBU[0009] saving session DEBU[0009] redirecting to oauthURL https://sso.magnitudesurveys.com/oxauth/restv1/authorize?client_id=%40%2130EB.0CC0.85AF.9406%210001%211CA3.2DC9%210008%216C98.0808.861E.9697&redirect_uri=https%3A%2F%2Flogin.magnitudesurveys.com%2Fauth&response_type=code&scope=email+openid&state=vQPDyOyMa5TEsi9RtR26LD6tj20ZBU8bPA273FsOn5Q%3D DEBU[0009] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0009] Request handled successfully: 302 INFO[0009] | 302 | 471.293µs /login avgLatency=" 287.506µs" host=login.magnitudesurveys.com ipPort="127.0.0.1:40820" latency=" 471.293µs" method=GET path=/login referer= request=2 statusCode=302 DEBU[0009] Request received : &{GET /auth?code=b2e5a5c1-ed89-4169-bfe7-fcabd2db1593&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=vQPDyOyMa5TEsi9RtR26LD6tj20ZBU8bPA273FsOn5Q%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV84Yl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzZGxGUVJIbFBlVTFoTlZSRmMyazVVblJTTWpaTVJEWjBhakl3V2tKVk9HSlFRVEkzTTBaelQyNDFVVDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUpRQWphSFIwY0hNNkx5OXdjbTk0ZVM1dFlXZHVhWFIxWkdWemRYSjJaWGx6TG1OdmJTOEdjM1J5YVc1bkRDVUFJMmgwZEhCek9pOHZjSEp2ZUhrdWJXRm5ibWwwZFdSbGMzVnlkbVY1Y3k1amIyMHZBMmx1ZEFRQ0FBST18AF5qvwyO31V2jmjaaEerQ33_zNlZOFrUbSS_rtZHr-E=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40822 /auth?code=b2e5a5c1-ed89-4169-bfe7-fcabd2db1593&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=vQPDyOyMa5TEsi9RtR26LD6tj20ZBU8bPA273FsOn5Q%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc000141590} DEBU[0009] /auth INFO[0010] OpenID userinfo body: {"sub":"65fPElAkiYgmS-vh2wZa-9DVYVv7Tat5jmcAzaZg-JE","email_verified":false,"email":"f.pope-carter@magnitudesurveys.co.uk"} DEBU[0010] CallbackHandler DEBU[0010] {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 0 0 0} DEBU[0010] skipping verify user since cfg.Cfg.AllowAllUsers is true DEBU[0010] key is f.pope-carter@magnitudesurveys.co.uk DEBU[0010] retrieved f.pope-carter@magnitudesurveys.co.uk from db DEBU[0010] userexists.. keeping time at 1548794501 DEBU[0010] user created {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 1548794501 1548797097 0} DEBU[0010] token: &{ 0xc00000dc40 map[typ:JWT alg:HS256] {f.pope-carter@magnitudesurveys.co.uk [] { 1548811497 0 Vouch 0 }} false} DEBU[0010] token expires: 1548811497 DEBU[0010] diff from now: 14400 DEBU[0010] compressed string: H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA= DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 197.40864ms /auth avgLatency=65.99455ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40822" latency=197.40864ms method=GET path=/auth referer= request=3 statusCode=302 DEBU[0010] Request received : &{GET /validate HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; mediawiki_session=i55rtf652f6483b6ldtv6fkv75f8u376] Connection:[close]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40828 /validate <nil> <nil> <nil> 0xc0001401b0} DEBU[0010] /validate ERRO[0010] no jwt found in request DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 401 DEBU[0010] Request handled successfully: 401 INFO[0010] | 401 | 47.123µs /validate avgLatency=49.507694ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40828" latency=" 47.123µs" method=GET path=/validate referer= request=4 statusCode=401 DEBU[0010] Request received : &{GET /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA=; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzZGxGUVJIbFBlVTFoTlZSRmMyazVVblJTTWpaTVJEWjBhakl3V2tKVk9HSlFRVEkzTTBaelQyNDFVVDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUFCbk4wY21sdVp3d2xBQ05vZEhSd2N6b3ZMM0J5YjNoNUxtMWhaMjVwZEhWa1pYTjFjblpsZVhNdVkyOXRMd05wYm5RRUFnQUF8DD2cjunctWK3lTrmFg7JqNpqTzGzHszxhIuUUEAwPNg=] Connection:[close]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40830 /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc00012aab0} DEBU[0010] /login DEBU[0010] session state set to ryVZTq6hvGBlVx43HktUrE+TF6lLSE11H0Zrc7A2Rok= DEBU[0010] session requestedURL set to https://proxy.magnitudesurveys.com/ DEBU[0010] failcount for https://proxy.magnitudesurveys.com/ is 0 DEBU[0010] saving session DEBU[0010] redirecting to oauthURL https://sso.magnitudesurveys.com/oxauth/restv1/authorize?client_id=%40%2130EB.0CC0.85AF.9406%210001%211CA3.2DC9%210008%216C98.0808.861E.9697&redirect_uri=https%3A%2F%2Flogin.magnitudesurveys.com%2Fauth&response_type=code&scope=email+openid&state=ryVZTq6hvGBlVx43HktUrE%2BTF6lLSE11H0Zrc7A2Rok%3D DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 289.683µs /login avgLatency=39.664092ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40830" latency=" 289.683µs" method=GET path=/login referer= request=5 statusCode=302 DEBU[0010] Request received : &{GET /auth?code=1aceca59-8c0e-4054-9824-d5c0bf307750&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=ryVZTq6hvGBlVx43HktUrE%2BTF6lLSE11H0Zrc7A2Rok%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV84Yl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzY25sV1dsUnhObWgyUjBKc1ZuZzBNMGhyZEZWeVJTdFVSalpzVEZORk1URklNRnB5WXpkQk1sSnZhejBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUpRQWphSFIwY0hNNkx5OXdjbTk0ZVM1dFlXZHVhWFIxWkdWemRYSjJaWGx6TG1OdmJTOEdjM1J5YVc1bkRDVUFJMmgwZEhCek9pOHZjSEp2ZUhrdWJXRm5ibWwwZFdSbGMzVnlkbVY1Y3k1amIyMHZBMmx1ZEFRQ0FBST18_wcNPqfM408APzHY4aylXJUMEIZuu1J8t2TOzBltqQE=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40832 /auth?code=1aceca59-8c0e-4054-9824-d5c0bf307750&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=ryVZTq6hvGBlVx43HktUrE%2BTF6lLSE11H0Zrc7A2Rok%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc000140d50} DEBU[0010] /auth INFO[0010] OpenID userinfo body: {"sub":"65fPElAkiYgmS-vh2wZa-9DVYVv7Tat5jmcAzaZg-JE","email_verified":false,"email":"f.pope-carter@magnitudesurveys.co.uk"} DEBU[0010] CallbackHandler DEBU[0010] {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 0 0 0} DEBU[0010] skipping verify user since cfg.Cfg.AllowAllUsers is true DEBU[0010] key is f.pope-carter@magnitudesurveys.co.uk DEBU[0010] retrieved f.pope-carter@magnitudesurveys.co.uk from db DEBU[0010] userexists.. keeping time at 1548794501 DEBU[0010] user created {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 1548794501 1548797097 0} DEBU[0010] token: &{ 0xc00000dc40 map[typ:JWT alg:HS256] {f.pope-carter@magnitudesurveys.co.uk [] { 1548811497 0 Vouch 0 }} false} DEBU[0010] token expires: 1548811497 DEBU[0010] diff from now: 14400 DEBU[0010] compressed string: H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA= DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 42.968161ms /auth avgLatency=40.21477ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40832" latency=42.968161ms method=GET path=/auth referer= request=6 statusCode=302 DEBU[0010] Request received : &{GET /validate HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; mediawiki_session=i55rtf652f6483b6ldtv6fkv75f8u376] Connection:[close]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40836 /validate <nil> <nil> <nil> 0xc000087590} DEBU[0010] /validate ERRO[0010] no jwt found in request DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 401 DEBU[0010] Request handled successfully: 401 INFO[0010] | 401 | 46.408µs /validate avgLatency=34.476433ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40836" latency=" 46.408µs" method=GET path=/validate referer= request=7 statusCode=401 DEBU[0010] Request received : &{GET /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA=; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzY25sV1dsUnhObWgyUjBKc1ZuZzBNMGhyZEZWeVJTdFVSalpzVEZORk1URklNRnB5WXpkQk1sSnZhejBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUFCbk4wY21sdVp3d2xBQ05vZEhSd2N6b3ZMM0J5YjNoNUxtMWhaMjVwZEhWa1pYTjFjblpsZVhNdVkyOXRMd05wYm5RRUFnQUF8C2peVx_4EpXpL3cyWs_dpFtJbk0cjhdy826w6kmD48g=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40838 /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc000140390} DEBU[0010] /login DEBU[0010] session state set to B2PSGdIJaxHSETEehcBpNxpZ6igZ/pksqbHezDclHO8= DEBU[0010] session requestedURL set to https://proxy.magnitudesurveys.com/ DEBU[0010] failcount for https://proxy.magnitudesurveys.com/ is 0 DEBU[0010] saving session DEBU[0010] redirecting to oauthURL https://sso.magnitudesurveys.com/oxauth/restv1/authorize?client_id=%40%2130EB.0CC0.85AF.9406%210001%211CA3.2DC9%210008%216C98.0808.861E.9697&redirect_uri=https%3A%2F%2Flogin.magnitudesurveys.com%2Fauth&response_type=code&scope=email+openid&state=B2PSGdIJaxHSETEehcBpNxpZ6igZ%2FpksqbHezDclHO8%3D DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 474.822µs /login avgLatency=30.226232ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40838" latency=" 474.822µs" method=GET path=/login referer= request=8 statusCode=302 DEBU[0010] Request received : &{GET /auth?code=fa3235c6-c423-4d22-b984-4617fd27d930&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=B2PSGdIJaxHSETEehcBpNxpZ6igZ%2FpksqbHezDclHO8%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV84Yl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzUWpKUVUwZGtTVXBoZUVoVFJWUkZaV2hqUW5CT2VIQmFObWxuV2k5d2EzTnhZa2hsZWtSamJFaFBPRDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUpRQWphSFIwY0hNNkx5OXdjbTk0ZVM1dFlXZHVhWFIxWkdWemRYSjJaWGx6TG1OdmJTOEdjM1J5YVc1bkRDVUFJMmgwZEhCek9pOHZjSEp2ZUhrdWJXRm5ibWwwZFdSbGMzVnlkbVY1Y3k1amIyMHZBMmx1ZEFRQ0FBST186rnfTthGp9zw0O7UYPtTEho63dxDcy_0egMveiMd2X4=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40840 /auth?code=fa3235c6-c423-4d22-b984-4617fd27d930&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=B2PSGdIJaxHSETEehcBpNxpZ6igZ%2FpksqbHezDclHO8%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc000087d10} DEBU[0010] /auth INFO[0010] OpenID userinfo body: {"sub":"65fPElAkiYgmS-vh2wZa-9DVYVv7Tat5jmcAzaZg-JE","email_verified":false,"email":"f.pope-carter@magnitudesurveys.co.uk"} DEBU[0010] CallbackHandler DEBU[0010] {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 0 0 0} DEBU[0010] skipping verify user since cfg.Cfg.AllowAllUsers is true DEBU[0010] key is f.pope-carter@magnitudesurveys.co.uk DEBU[0010] retrieved f.pope-carter@magnitudesurveys.co.uk from db DEBU[0010] userexists.. keeping time at 1548794501 DEBU[0010] user created {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 1548794501 1548797097 0} DEBU[0010] token: &{ 0xc00000dc40 map[typ:JWT alg:HS256] {f.pope-carter@magnitudesurveys.co.uk [] { 1548811497 0 Vouch 0 }} false} DEBU[0010] token expires: 1548811497 DEBU[0010] diff from now: 14400 DEBU[0010] compressed string: H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA= DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 57.341583ms /auth avgLatency=33.239048ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40840" latency=57.341583ms method=GET path=/auth referer= request=9 statusCode=302 DEBU[0010] Request received : &{GET /validate HTTP/1.0 1 0 map[Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; mediawiki_session=i55rtf652f6483b6ldtv6fkv75f8u376]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40844 /validate <nil> <nil> <nil> 0xc0003832f0} DEBU[0010] /validate ERRO[0010] no jwt found in request DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 401 DEBU[0010] Request handled successfully: 401 INFO[0010] | 401 | 39.661µs /validate avgLatency=29.91911ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40844" latency=" 39.661µs" method=GET path=/validate referer= request=10 statusCode=401 DEBU[0010] Request received : &{GET /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTO306DMBSA8SfSDLsSuVRg5DTa_cGV0huzU6prWbFxM6x9esMLfN_PRHbGRtutZXBMkHELV5gOVJeQwxikKFnxaCLL9JOI6Dc31UIOvv_TTTGrNnO9ZCsl2Qt2mwn9ZTV0h4smIg5eUB2pw0izU1yiPAyNSOACyna2Sp5ncD93_rFfb6v6zquRvJUsaPK-YDokwp2W-fOkaE-bfF2kB0P6487YOty-w2-9U6-Y00_L91Ulv9J1_A8AAP__e0Dxr80AAAA=; VouchSession=MTU0ODc5NzA5N3xEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzUWpKUVUwZGtTVXBoZUVoVFJWUkZaV2hqUW5CT2VIQmFObWxuV2k5d2EzTnhZa2hsZWtSamJFaFBPRDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUFCbk4wY21sdVp3d2xBQ05vZEhSd2N6b3ZMM0J5YjNoNUxtMWhaMjVwZEhWa1pYTjFjblpsZVhNdVkyOXRMd05wYm5RRUFnQUF8bdis4_GmXZs7Rj0ZfwYzZzjNC-zVXi_ZgOrsRqepwGI=]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40846 /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc000383680} DEBU[0010] /login DEBU[0010] session state set to 0FA8DYUzcUTAlK4BE2VhMZJ4YV9GIZGmwCMvN8pMwFM= DEBU[0010] session requestedURL set to https://proxy.magnitudesurveys.com/ DEBU[0010] failcount for https://proxy.magnitudesurveys.com/ is 0 DEBU[0010] saving session DEBU[0010] redirecting to oauthURL https://sso.magnitudesurveys.com/oxauth/restv1/authorize?client_id=%40%2130EB.0CC0.85AF.9406%210001%211CA3.2DC9%210008%216C98.0808.861E.9697&redirect_uri=https%3A%2F%2Flogin.magnitudesurveys.com%2Fauth&response_type=code&scope=email+openid&state=0FA8DYUzcUTAlK4BE2VhMZJ4YV9GIZGmwCMvN8pMwFM%3D DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 279.512µs /login avgLatency=27.224602ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40846" latency=" 279.512µs" method=GET path=/login referer= request=11 statusCode=302 DEBU[0010] Request received : &{GET /auth?code=79429c5a-2cce-4c72-b6d0-f0c1328cfebf&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0FA8DYUzcUTAlK4BE2VhMZJ4YV9GIZGmwCMvN8pMwFM%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchSession=MTU0ODc5NzA5OHxEdi1CQkFFQ180SUFBUkFCRUFBQV84Yl9nZ0FEQm5OMGNtbHVad3dPQUF4eVpYRjFaWE4wWldSVlVrd0djM1J5YVc1bkRDVUFJMmgwZEhCek9pOHZjSEp2ZUhrdWJXRm5ibWwwZFdSbGMzVnlkbVY1Y3k1amIyMHZCbk4wY21sdVp3d2xBQ05vZEhSd2N6b3ZMM0J5YjNoNUxtMWhaMjVwZEhWa1pYTjFjblpsZVhNdVkyOXRMd05wYm5RRUFnQUNCbk4wY21sdVp3d0hBQVZ6ZEdGMFpRWnpkSEpwYm1jTUxnQXNNRVpCT0VSWlZYcGpWVlJCYkVzMFFrVXlWbWhOV2tvMFdWWTVSMGxhUjIxM1EwMTJUamh3VFhkR1RUMD18x-qHNySd_3kj4aBgZuUM6l5ppztru4NFdlOoN9YbjZI=]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40848 /auth?code=79429c5a-2cce-4c72-b6d0-f0c1328cfebf&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0FA8DYUzcUTAlK4BE2VhMZJ4YV9GIZGmwCMvN8pMwFM%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc000383f50} DEBU[0010] /auth INFO[0010] OpenID userinfo body: {"sub":"65fPElAkiYgmS-vh2wZa-9DVYVv7Tat5jmcAzaZg-JE","email_verified":false,"email":"f.pope-carter@magnitudesurveys.co.uk"} DEBU[0010] CallbackHandler DEBU[0010] {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 0 0 0} DEBU[0010] skipping verify user since cfg.Cfg.AllowAllUsers is true DEBU[0010] key is f.pope-carter@magnitudesurveys.co.uk DEBU[0010] retrieved f.pope-carter@magnitudesurveys.co.uk from db DEBU[0010] userexists.. keeping time at 1548794501 DEBU[0010] user created {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 1548794501 1548797098 0} DEBU[0010] token: &{ 0xc00000dc40 map[typ:JWT alg:HS256] {f.pope-carter@magnitudesurveys.co.uk [] { 1548811498 0 Vouch 0 }} false} DEBU[0010] token expires: 1548811498 DEBU[0010] diff from now: 14400 DEBU[0010] compressed string: H4sIAAAAAAAA_xTO0U6DMBSA4Tcyq8CWXRomeI4bRHBt15uFU4i0o9joFMrTL7zA_39dwJ5ybUqDcF6AFQZ-YawSncIWbl7yFPdPXUCmn3kgl91VDVtwlz-d7ydVM3uRuFESX0hkI7lh04pq0BEPreOJDomlkLAmrNHCtzlfwHqS9WSU7Cew33Px-RGXh9e5ONziY4peR6cVIyjitlnn1cnSzte7cGSqL89jfr_GnRPv-LVUJrui6Js3Woaf-H96BAAA__8OzXCAzQAAAA== DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 57.347379ms /auth avgLatency=29.734833ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40848" latency=57.347379ms method=GET path=/auth referer= request=12 statusCode=302 DEBU[0010] Request received : &{GET /validate HTTP/1.0 1 0 map[Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; mediawiki_session=i55rtf652f6483b6ldtv6fkv75f8u376] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40852 /validate <nil> <nil> <nil> 0xc000087590} DEBU[0010] /validate ERRO[0010] no jwt found in request DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 401 DEBU[0010] Request handled successfully: 401 INFO[0010] | 401 | 40.912µs /validate avgLatency=27.450686ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40852" latency=" 40.912µs" method=GET path=/validate referer= request=13 statusCode=401 DEBU[0010] Request received : &{GET /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTO0U6DMBSA4Tcyq8CWXRomeI4bRHBt15uFU4i0o9joFMrTL7zA_39dwJ5ybUqDcF6AFQZ-YawSncIWbl7yFPdPXUCmn3kgl91VDVtwlz-d7ydVM3uRuFESX0hkI7lh04pq0BEPreOJDomlkLAmrNHCtzlfwHqS9WSU7Cew33Px-RGXh9e5ONziY4peR6cVIyjitlnn1cnSzte7cGSqL89jfr_GnRPv-LVUJrui6Js3Woaf-H96BAAA__8OzXCAzQAAAA==; VouchSession=MTU0ODc5NzA5OHxEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dsQUNOb2RIUndjem92TDNCeWIzaDVMbTFoWjI1cGRIVmtaWE4xY25abGVYTXVZMjl0THdOcGJuUUVBZ0FBQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzTUVaQk9FUlpWWHBqVlZSQmJFczBRa1V5Vm1oTldrbzBXVlk1UjBsYVIyMTNRMDEyVGpod1RYZEdUVDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUF8WCP-L_uAQ0hKpc-NB-_3XVuLD7w7fE3sHfc-wGRh7FQ=]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40854 /login?url=https://proxy.magnitudesurveys.com/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc000087bf0} DEBU[0010] /login DEBU[0010] session state set to 0NdSloQZzm67m77D0EgP9OZBUEV+tG860NLA/RlyRNI= DEBU[0010] session requestedURL set to https://proxy.magnitudesurveys.com/ DEBU[0010] failcount for https://proxy.magnitudesurveys.com/ is 0 DEBU[0010] saving session DEBU[0010] redirecting to oauthURL https://sso.magnitudesurveys.com/oxauth/restv1/authorize?client_id=%40%2130EB.0CC0.85AF.9406%210001%211CA3.2DC9%210008%216C98.0808.861E.9697&redirect_uri=https%3A%2F%2Flogin.magnitudesurveys.com%2Fauth&response_type=code&scope=email+openid&state=0NdSloQZzm67m77D0EgP9OZBUEV%2BtG860NLA%2FRlyRNI%3D DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 495.273µs /login avgLatency=" 25.5253ms" host=login.magnitudesurveys.com ipPort="127.0.0.1:40854" latency=" 495.273µs" method=GET path=/login referer= request=14 statusCode=302 DEBU[0010] Request received : &{GET /auth?code=92710158-9980-4631-9634-c22c05602ec8&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0NdSloQZzm67m77D0EgP9OZBUEV%2BtG860NLA%2FRlyRNI%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchSession=MTU0ODc5NzA5OHxEdi1CQkFFQ180SUFBUkFCRUFBQV84Yl9nZ0FEQm5OMGNtbHVad3dsQUNOb2RIUndjem92TDNCeWIzaDVMbTFoWjI1cGRIVmtaWE4xY25abGVYTXVZMjl0THdOcGJuUUVBZ0FDQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzTUU1a1UyeHZVVnA2YlRZM2JUYzNSREJGWjFBNVQxcENWVVZXSzNSSE9EWXdUa3hCTDFKc2VWSk9TVDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUpRQWphSFIwY0hNNkx5OXdjbTk0ZVM1dFlXZHVhWFIxWkdWemRYSjJaWGx6TG1OdmJTOD18spXqL93sAnn9fJlNEQh60SY70V2EwPJOYD_6iQjT91I=] Connection:[close] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40856 /auth?code=92710158-9980-4631-9634-c22c05602ec8&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0NdSloQZzm67m77D0EgP9OZBUEV%2BtG860NLA%2FRlyRNI%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc00012a8d0} DEBU[0010] /auth INFO[0010] OpenID userinfo body: {"sub":"65fPElAkiYgmS-vh2wZa-9DVYVv7Tat5jmcAzaZg-JE","email_verified":false,"email":"f.pope-carter@magnitudesurveys.co.uk"} DEBU[0010] CallbackHandler DEBU[0010] {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 0 0 0} DEBU[0010] skipping verify user since cfg.Cfg.AllowAllUsers is true DEBU[0010] key is f.pope-carter@magnitudesurveys.co.uk DEBU[0010] retrieved f.pope-carter@magnitudesurveys.co.uk from db DEBU[0010] userexists.. keeping time at 1548794501 DEBU[0010] user created {f.pope-carter@magnitudesurveys.co.uk f.pope-carter@magnitudesurveys.co.uk 1548794501 1548797098 0} DEBU[0010] token: &{ 0xc00000dc40 map[typ:JWT alg:HS256] {f.pope-carter@magnitudesurveys.co.uk [] { 1548811498 0 Vouch 0 }} false} DEBU[0010] token expires: 1548811498 DEBU[0010] diff from now: 14400 DEBU[0010] compressed string: H4sIAAAAAAAA_xTO0U6DMBSA4Tcyq8CWXRomeI4bRHBt15uFU4i0o9joFMrTL7zA_39dwJ5ybUqDcF6AFQZ-YawSncIWbl7yFPdPXUCmn3kgl91VDVtwlz-d7ydVM3uRuFESX0hkI7lh04pq0BEPreOJDomlkLAmrNHCtzlfwHqS9WSU7Cew33Px-RGXh9e5ONziY4peR6cVIyjitlnn1cnSzte7cGSqL89jfr_GnRPv-LVUJrui6Js3Woaf-H96BAAA__8OzXCAzQAAAA== DEBU[0010] CaptureWriter.WriteHeader set w.StatusCode 302 DEBU[0010] Request handled successfully: 302 INFO[0010] | 302 | 58.678667ms /auth avgLatency=27.735524ms host=login.magnitudesurveys.com ipPort="127.0.0.1:40856" latency=58.678667ms method=GET path=/auth referer= request=15 statusCode=302 DEBU[0011] Request received : &{GET /auth?code=92710158-9980-4631-9634-c22c05602ec8&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0NdSloQZzm67m77D0EgP9OZBUEV%2BtG860NLA%2FRlyRNI%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Cookie:[_ga=GA1.2.314718375.1466370055; __cfduid=dc9391e1a92d4548a8d5bc703bbb22c5d1521717646; VouchCookie=H4sIAAAAAAAA_xTO0U6DMBSA4Tcyq8CWXRomeI4bRHBt15uFU4i0o9joFMrTL7zA_39dwJ5ybUqDcF6AFQZ-YawSncIWbl7yFPdPXUCmn3kgl91VDVtwlz-d7ydVM3uRuFESX0hkI7lh04pq0BEPreOJDomlkLAmrNHCtzlfwHqS9WSU7Cew33Px-RGXh9e5ONziY4peR6cVIyjitlnn1cnSzte7cGSqL89jfr_GnRPv-LVUJrui6Js3Woaf-H96BAAA__8OzXCAzQAAAA==; VouchSession=MTU0ODc5NzA5OHxEdi1CQkFFQ180SUFBUkFCRUFBQV82UF9nZ0FEQm5OMGNtbHVad3dsQUNOb2RIUndjem92TDNCeWIzaDVMbTFoWjI1cGRIVmtaWE4xY25abGVYTXVZMjl0THdOcGJuUUVBZ0FBQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01MZ0FzTUU1a1UyeHZVVnA2YlRZM2JUYzNSREJGWjFBNVQxcENWVVZXSzNSSE9EWXdUa3hCTDFKc2VWSk9TVDBHYzNSeWFXNW5EQTRBREhKbGNYVmxjM1JsWkZWU1RBWnpkSEpwYm1jTUFnQUF8NRSUL4-F_sTIAzVfSaI_78IIqNUORSZTunkPq2aTwbE=] Connection:[close] Cache-Control:[max-age=0] Accept-Language:[en-GB,en-US;q=0.9,en;q=0.8]] {} <nil> 0 [] true login.magnitudesurveys.com map[] map[] <nil> map[] 127.0.0.1:40858 /auth?code=92710158-9980-4631-9634-c22c05602ec8&scope=openid+email&session_id=e3c5aaa0-ea38-4403-bb8d-bc57fbd9fb58&state=0NdSloQZzm67m77D0EgP9OZBUEV%2BtG860NLA%2FRlyRNI%3D&session_state=1c708ab282eae077fe01a249d3d3eecff88b1df55ab8965216e8096b7956fff0.dc0f3980-4a43-462d-9645-8fa6fbade395 <nil> <nil> <nil> 0xc000382bd0} DEBU[0011] /auth ERRO[0011] oauth2: cannot fetch token: 400 Bad Request Response: {"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."} DEBU[0011] CaptureWriter.WriteHeader set w.StatusCode 400 DEBU[0011] Request handled successfully: 400

This seems to be an issue with Gluu but i'm not sure why it would log me in, then error.

The following options are available within Gluu, would any of them help?

bnfinet · 2019-01-29T22:07:54Z

for 'too many redirects' try setting vouch.testing: true which will force 302 redirects to render as an HTML page

It looks like you're getting the user info back, which is good and it appears to be trying to set a JWT but then it can't find it on the next round trip. Can you please check your nginx config as well as the vouch.domains where the cookie is getting set and make sure your Host headers is being passed properly?

and try setting vouch.allowAllUser: false

popefinn · 2019-01-29T22:13:36Z

Thanks

That was it, going back and looking at my domains again i found that i'd commented them out at some point.

All working now. Vouch using a Windows Active Directory via Gluu

bnfinet · 2019-01-29T22:34:45Z

so glad to hear it!

bnfinet added a commit that referenced this issue Jan 29, 2019

#61 add oauth config to BasicTest

f16e534

davidgibbons mentioned this issue Jan 29, 2019

panic: configuration error: oauth.auth_url not found #62

Closed

bnfinet added a commit that referenced this issue Jan 29, 2019

#62 #61 make auth_url check provider aware

22772be

bnfinet changed the title ~~ERRO[0007] Get : unsupported protocol scheme ""~~ authenticating to Gluu auth server and retrieving user info after successful login Jan 29, 2019

bnfinet closed this as completed Jan 29, 2019

bnfinet added a commit that referenced this issue May 22, 2020

#61 add oauth config to BasicTest

5be041d

bnfinet added a commit that referenced this issue May 22, 2020

#62 #61 make auth_url check provider aware

e12afd6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

authenticating to Gluu auth server and retrieving user info after successful login #61

authenticating to Gluu auth server and retrieving user info after successful login #61

popefinn commented Jan 29, 2019 •

edited

bnfinet commented Jan 29, 2019 via email •

edited

popefinn commented Jan 29, 2019

bnfinet commented Jan 29, 2019

popefinn commented Jan 29, 2019

bnfinet commented Jan 29, 2019

authenticating to Gluu auth server and retrieving user info after successful login #61

authenticating to Gluu auth server and retrieving user info after successful login #61

Comments

popefinn commented Jan 29, 2019 • edited

bnfinet commented Jan 29, 2019 via email • edited

popefinn commented Jan 29, 2019

bnfinet commented Jan 29, 2019

popefinn commented Jan 29, 2019

bnfinet commented Jan 29, 2019

popefinn commented Jan 29, 2019 •

edited

bnfinet commented Jan 29, 2019 via email •

edited