OpenID redirect timeout (Google, Auth0, ADFS)


#1

Hi, I would like to use ADFS’s OpenID connection method.

I followed the configuration guidance for setting up OpenID.
I created a Google OpenID account, an Auth0 account, as well as an ADFS account.
When I connect to the site I get redirected to the identity provider’s login screen. After I log in it tries to redirect to the callback URL (http://<FQDN>/login/oauth2/code/shinyproxy) but eventually fails. Here are the provider-specific OpenID sections, and below is the full config.

On Google and Auth0:
Google config:

openid:
    auth-url: https://accounts.google.com/o/oauth2/auth
    token-url: https://www.googleapis.com/oauth2/v3/token
    jwks-url: https://www.googleapis.com/oauth2/v1/certs
    client-id: xxx
    client-secret: xxx

Auth0 config:

openid:
    auth-url: https://test-dstore1.eu.auth0.com/authorize
    token-url: https://test-dstore1.eu.auth0.com/oauth/token
    jwks-url: https://test-dstore1.eu.auth0.com/.well-known/jwks.json
    client-id: xxx
    client-secret: xxx


2018-09-25 18:03:10.427 ERROR 7500 --- [  XNIO-2 task-4] io.undertow.request                      : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.StackOverflowError: null
        at java.lang.StringCoding$StringDecoder.decode(StringCoding.java:153) ~[na:1.8.0_171]
        at java.lang.StringCoding.decode(StringCoding.java:193) ~[na:1.8.0_171]
        at java.lang.String.<init>(String.java:426) ~[na:1.8.0_171]
        at java.lang.String.<init>(String.java:491) ~[na:1.8.0_171]
        at java.net.SocketOutputStream.socketWrite0(Native Method) ~[na:1.8.0_171]

On ADFS:

config:

openid:
    auth-url: https://URL/adfs/oauth2/authorize
    token-url: https://URL/adfs/oauth2/token
    jwks-url: https://URL/adfs/discovery/keys
    client-id: xxx
    client-secret: xxx

2018-09-19 16:42:31.413 ERROR 7445 --- [  XNIO-2 task-7] io.undertow.request                      : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.StackOverflowError: null
        at java.lang.Exception.<init>(Exception.java:102) ~[na:1.8.0_171]
        at java.lang.ReflectiveOperationException.<init>(ReflectiveOperationException.java:89) ~[na:1.8.0_171]
        at java.lang.reflect.InvocationTargetException.<init>(InvocationTargetException.java:72) ~[na:1.8.0_171]
        at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source) ~[na:na]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
       
...

2018-09-19 16:42:33.652 ERROR 7445 --- [ XNIO-2 task-10] io.undertow.request                      : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.IllegalArgumentException: Missing attribute 'email' in attributes
        at org.springframework.security.oauth2.core.user.DefaultOAuth2User.<init>(DefaultOAuth2User.java:67) ~[spring-security-oauth2-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.<init>(DefaultOidcUser.java:89) ~[spring-security-oauth2-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at 

With the full config:

proxy:
  title: Open Analytics Shiny Proxy
  logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
  landing-page: /
  heartbeat-rate: 10000
  heartbeat-timeout: 60000
  port: 8080
  authentication: openid
  #admin-groups: scientists
  openid:
   [provider dependent]
  # Docker configuration
  docker:
    url: http://localhost:2375
    port-range-start: 20000
  support:
    container-log-path: ./container-logs
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    #access-groups: [scientists, mathematicians]
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    #access-groups: scientists

logging:
  file:
    shinyproxy.log

I am using the latest master version from GitHub (2.0.4).


#2

The timeout was due to the company proxy.
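
Added example, not part of the thread or of ShinyProxy's own code: in the authorization code flow the browser visits `auth-url`, while the server itself calls `token-url` and `jwks-url`, so those two are the endpoints an egress proxy can stall after the redirect back to the callback. The sketch below separates those back-channel endpoints from an `openid` section and probes them with a direct TCP connection; the function names are hypothetical, the sample values are copied from the Auth0 section above, and it assumes the proxy problem affects the server's outbound connections.

```python
import socket
from urllib.parse import urlsplit

# Sample input: the Auth0 "openid" section quoted in the thread (secrets omitted).
OPENID = {
    "auth-url": "https://test-dstore1.eu.auth0.com/authorize",
    "token-url": "https://test-dstore1.eu.auth0.com/oauth/token",
    "jwks-url": "https://test-dstore1.eu.auth0.com/.well-known/jwks.json",
}

# auth-url is loaded by the user's browser (front channel).
# token-url and jwks-url are requested by the server (back channel).
BACK_CHANNEL_KEYS = ("token-url", "jwks-url")


def back_channel_targets(openid):
    """Return {config key: (host, port)} for endpoints the server must reach."""
    targets = {}
    for key in BACK_CHANNEL_KEYS:
        parts = urlsplit(openid[key])
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"{key} is not an absolute http(s) URL: {openid[key]!r}")
        port = parts.port or (443 if parts.scheme == "https" else 80)
        targets[key] = (parts.hostname, port)
    return targets


def probe(host, port, timeout=3.0):
    """Try a direct TCP connection: returns 'ok', 'timeout' or 'error: <type>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except socket.timeout:
        # Packets silently dropped: typical when only proxied egress is allowed.
        return "timeout"
    except OSError as exc:
        # Refused, unreachable, or the name did not resolve.
        return f"error: {type(exc).__name__}"


def report(openid, timeout=3.0):
    """Probe every back-channel endpoint and return {config key: status}."""
    targets = back_channel_targets(openid)
    return {key: probe(host, port, timeout) for key, (host, port) in targets.items()}


if __name__ == "__main__":
    # Run this on the host that runs ShinyProxy, not on a workstation.
    for key, status in report(OPENID).items():
        print(f"{key:10s} {status}")
```

A `timeout` for `token-url` or `jwks-url` while the browser reaches `auth-url` without trouble points at server-side egress rather than at the provider configuration.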