Authentication with Auth0 fails at request to /login

Justin · August 8, 2018, 11:32am

Hi all,

Thanks for the hard work on shinyproxy, especially with respect to the variety of authentication methods available.

I am trying to use Auth0 for authentication, but it seems that I am caught in an endless cycle of redirects when I try to connect to the shinyproxy server in the browser. This application is running under a nginx reverse proxy (using ssl certificates) and is hosted on AWS.

I added a callback URL to my registered app in the “Allowed callback URLs” section.

https://hemohub.com/login/oauth2/code/shinyproxy

I also added the openid parameters that are required in application.yml.

33%20PM

The Java stack trace is pasted below. Thanks!

Justin
Edit: I am using shinyproxy version 2.0.1

Java stack trace

2018-08-07 19:22:04.144 INFO 22875 — [main] e.o.c.ContainerProxyApplication : Started ContainerProxyApplication in 5.275 seconds (JVM running for 5.903)
2018-08-07 19:22:06.535 INFO 22875 — [XNIO-2 task-1] io.undertow.servlet : Initializing Spring FrameworkServlet ‘dispatcherServlet’
2018-08-07 19:22:06.535 INFO 22875 — [XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization started
2018-08-07 19:22:06.554 INFO 22875 — [XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization completed in 19 ms
2018-08-07 19:22:06.636 ERROR 22875 — [XNIO-2 task-1] io.undertow.request : UT005023: Exception handling request to /login

The following pattern repeats until the browser is closed

java.lang.StackOverflowError: null
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:158) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at com.sun.proxy.$Proxy77.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAda
pter.java:502) ~[spring-security-config-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_171]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:206) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at com.sun.proxy.$Proxy77.authenticate(Unknown Source) ~[na:na]

fmichielssen · August 8, 2018, 1:06pm

Hi @Justin,

A redirect loop might indicate a problem with the callback URL. To verify, can you enable debug logging in shinyproxy’s config file, and see if there’s any relevant information being logged?

E.g.

proxy:
  ...
logging:
  level:
    org.springframework.security: debug
  file:
    shinyproxy.log

Justin · August 8, 2018, 9:06pm

Hey @fmichielssen,

Thanks for the help. Do I need to extend my web server configuration when using a callback url?

These two lines are close to the head of the log.
2018-08-08 20:34:15.441 DEBUG 6407 — [main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {webSecurityConfig=eu.openanalytics.containerproxy.security.WebSecurityConfig$$EnhancerBySpringCGLIB$$16933fc3@7ca33c24}
2018-08-08 20:34:15.443 DEBUG 6407 — [main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.

And these lines precede the StackOverflowError:
2018-08-08 20:34:18.777 DEBUG 6407 — [XNIO-2 task-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1ffe7981
2018-08-08 20:34:18.779 DEBUG 6407 — [XNIO-2 task-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-08-08 20:34:18.779 DEBUG 6407 — [XNIO-2 task-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-08-08 20:34:18.786 ERROR 6407 — [XNIO-2 task-1] io.undertow.request : UT005023: Exception handling request to /login

Best,
Justin

Samy · February 21, 2019, 9:30pm

Hello - I’m facing the exact same issue - did you end up resolving this ?

Justin · February 22, 2019, 12:40am

Hi Samy,

I have not been able to resolve this issue, but I have not tried to use this feature in the latest version of shinyproxy. If you end up finding a solution, please let me know.

Best,
Justin

Samy · February 22, 2019, 2:05pm

Thanks Justin appreciate you coming back to me - will absolutely do if I find a way around this.