There was an error while logging in: request to the redirect_uri path but there's no session state found

[johndrummond]

I was looking for a openid connect op reverse proxy to authenticat with Azure AD and sit in openshift in front of an application server assuming I get it all to run and run not as root.
Initially I had the problem noted above on the checking issuer.
I tried the latest release of the lua-resty files listed in the docker file, trying all the master releases and got the error
"There was an error while logging in: request to the redirect_uri path but there's no session state found"
It looks like the error in
zmartzone/lua-resty-openidc#213
The error is raised line 1324 of openidc.lua as the session isn't present from the error called.
I'm grateful for any thoughts. I tried turning debug on in the dockerfile and rebuilding, but maybe I need to do that in the openresty docker to get that to work to provide more information.

[zandbelt]

that's usually a problem of a hostname/domainname mismatch between the URL that was accessed and the Redirect URI configured at the OP

[akaFalsh]

Having the same problem, but with ADFS which is configured with STS. After authentificating client is redirected to
http://localhost:51966/redirect_uri?code=B8uuRGjLiEGaKdzcgIXf9g.jsy7Bvyb1ggHASliOYkAYvctWXo.rC4REi5-lr8ujF6cQh1w9ss8V82n2l6jLtisfZZKWxpwH7XU8GzGS0PsYJw0-QIiWHwitqAZ6kiYhI4E9N7GEpp5xRR5RHrukFKg664N6Cf0UmkcOZTKvVNGfl1w3YG5T-HLwwarTjNZ33LRqm0gq7ebgskL1X3mTlJhlCfUJvzkX_ELcpNgFvO8a3_ZGMtpqQ1RFkMoEJXoe7N9OJSeH0ab-Xu_qCBtdn5Ay13T1HFPA3UWoksG6UdCXrvVWjHezSCHgodj10FAkwDlOi-JK3O1yGafsBuBlPRx12yd6RiMYGmb_SgfMvYP307Rj5rHDptvsWeKy4izmj5XGnwGbg&state=32da189baba212d31789e007fc1a9cbd
where http://localhost:51966 is address of container which runs a evry/oidc-proxy.
The error is: There was an error while logging in: request to the redirect_uri_path but there's no session state found
My settings are:
docker run -e OID_DISCOVERY=https://<my host>/adfs/.well-known/openid-configuration -e OID_CLIENT_ID=<valid client id> -e OID_CLIENT_SECRET=<valid secret> -e PROXY_HOST=<my local network ip> -e PROXY_PORT=<application port were it should be redirected after authentification> -e PROXY_PROTOCOL=http -e OIDC_RENEW_ACCESS_ TOKEN_ON_EXPIERY=true -p 51966:80 evry/oidc-proxy
When looking through https://<my host>/adfs/.well-known/openid-configuration I had not been able to find any redirect_uri path parameter.

[akaFalsh]

Checked domainname of adfs server resolution. It is resolved correctly.

[akaFalsh]

It seems like an issue can be with adfs settings which requires the redirect to be done to https endpoint.

[malagant]

Any further infos on this? I get the same with keycloak on kuberntes. PROXY_HOST points to a service running on port 80

[jd-daniels]

This happened to me because I hadn't set these:
OID_SESSION_SECRET
OID_SESSION_CHECK_SSI
OID_SESSION_NAME

after setting them, it works.

[tillkuhn]

Had the same issue, further to above setting OID_SESSION_NAME alone was sufficient to enable session state via cookie tracking.

[Tunjidir]

Hi Guys, I ran into this error when i was trying to configure this on my local machine which worked when i set the session secret, session check and session name, but when i try to also run the same configuration on a remote server, it still fails with the same error. any help?

here's a snap-shot of my configuration

version: "3"

services:
  web2:
    image: evry/oidc-proxy:latest
    volumes:
#      - ./nginx.conf2:/usr/local/openresty/nginx/conf/nginx.conf
      - ./html:/usr/local/openresty/nginx/html
    environment:
      - OID_SESSION_SECRET=623q4hR325t36VsCD3g567922IC0073T
      - OID_SESSION_CHECK_SSI=off
      - OID_SESSION_NAME=session

      - OID_REDIRECT_PATH=/
      - OID_DISCOVERY=https://<keycloak-auth-url>/realms/extranet/.well-known/openid-configuration
      - OID_CLIENT_ID=docs
      - OID_CLIENT_SECRET=8948dced-f9d3-4ea2-8f6b-09263e907d77

      - PROXY_HOST=docs2.olatunji.com
      - PROXY_PORT=2080
      - PROXY_PROTOCOL=https
    ports:
      - 2080:80