oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response

[djordje-petrovic]

Hi,

Here's the config:

_OIDCProviderMetadataURL https://example.com/.well-known/openid-configuration
OIDCClientID <redacted>
OIDCClientSecret <redacted>
OIDCCacheShmEntrySizeMax 120000
OIDCSessionInactivityTimeout 36000
OIDCStateTimeout 900
OIDCCookieDomain app.example.com
OIDCScope "openid profile name email"
OIDCRedirectURI https://app.example.com/secure/redirect_uri/
OIDCRedirectURLsAllowed ^https://apps.example1.com$
OIDCDefaultURL https://app.example.com/gallery/
OIDCHTMLErrorTemplate /var/www/html/custom_errors/mod_oidc_error.html
OIDCCryptoPassphrase secret
OIDCPassClaimsAs environment
OIDCStateMaxNumberOfCookies 2 true
OIDCCacheType shm
OIDCCacheShmMax 1500_

And the error during login process which ends with saml loop:

[Thu Dec 10 10:37:10.105931 2020] [auth_openidc:error] [pid 20662:tid 140547856869120] [client 10.135.7.100:48830] oidc_restore_proto_state: no "mod_auth_openidc_state_mgCtI0O5RlyYKJidxfLgOG9QA2c" state cookie found
[Thu Dec 10 10:37:10.105993 2020] [auth_openidc:error] [pid 20662:tid 140547856869120] [client 10.135.7.100:48830] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose.c:808: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 781]
[Thu Dec 10 10:37:10.105996 2020] [auth_openidc:error] [pid 20662:tid 140547856869120] [client 10.135.7.100:48830] oidc_authorization_response_match_state: unable to restore state

I've looked through the old similar issues (notably this one https://github.com/zmartzone/mod_auth_openidc/issues/213) and the solutions in those don't work for us.
So any clues?

[zandbelt]

that's probably an issue with the Chrome browser and samesite cookies

[djordje-petrovic]

It happens in all browsers. Also this is response header for set-cookie: set-cookie: mod_auth_openidc_session=98aa2897-7fdb-4099-aa33-5436cb488821; Path=/; Domain=example.com; Secure; HttpOnly; SameSite=None Any ideas? ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Tuesday, December 15, 2020 5:51 PM, Hans Zandbelt ***@***.***> wrote: that's probably an issue with the Chrome browser and samesite cookies — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#500 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AD5B7A3S7WFRZOVAZODPWFDSU6HXNANCNFSM4U2JAKCA).

[zandbelt]

that's a set-cookie header for the session which seems to be correct; you mentioned a problem with the state cookie earlier, now I'm confused about what is wrong

[ganesh-bh]

@djordje-petrovic Did the issue got resolved?
I am facing similar issue in my application please help me