Skip to content

Received AuthN response without a SATOSA session cookie #487

New issue
New issue
Open
Open
Received AuthN response without a SATOSA session cookie#487
@gabrc52

Description

@gabrc52
gabrc52
opened on Feb 24, 2025

Some of my users are getting this error and are unable to login. I'm using SATOSA as a SAML to OpenID Connect proxy.

Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,495] [DEBUG] [satosa.proxy_server.unpack_post] unpack_post:: {'SAMLResponse': '[skipped for brevity of pasting the logs]', 'RelayState': 'u8RVcK4I8QK8aXGK'}
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,497] [DEBUG] [satosa.proxy_server.unpack_request] read request data: {'SAMLResponse': '[skipped]', 'RelayState': 'u8RVcK4I8QK8aXGK'}, 'query_params': {}, 'http_headers': {'HTTP_HOST': 'localhost:9999', 'HTTP_CONNECTION': 'close', 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br, zstd', 'HTTP_REFERER': 'https://okta.mit.edu/', 'HTTP_ORIGIN': 'https://okta.mit.edu', 'HTTP_COOKIE': ' _ga=GA1.2.1928801700.1729147367; _ga_R8TSBG6RMB=GS1.2.1732681261.9.0.1732681261.0.0.0; _hp2_props.3001039959=%7B%22Base.appName%22%3A%22Canvas%22%7D; _hp2_id.3001039959=%7B%22userId%22%3A%221983360643078916%22%2C%22pageviewId%22%3A%223955185603060480%22%2C%22sessionId%22%3A%228931659374261705%22%2C%22identity%22%3A%22uu-2-5a0e735754e31e6ed65568a25e701585be775f569195ef1217259a52be65da93-aBnMizi0Az3KJzfw5YssKxIjtQMk0eN5LLbvPCDn%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D; _ga_RWD7VEM8GR=GS1.2.1729806969.1.0.1729806969.0.0.0; _ga_TFJ43DV753=GS1.1.1731718030.1.1.1731718941.0.0.0', 'HTTP_UPGRADE_INSECURE_REQUESTS': '1', 'HTTP_SEC_FETCH_DEST': 'document', 'HTTP_SEC_FETCH_MODE': 'navigate', 'HTTP_SEC_FETCH_SITE': 'same-site', 'HTTP_PRIORITY': 'u=0, i', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_PORT': '55038'}, 'server_headers': {'SERVER_SOFTWARE': 'gunicorn/21.2.0', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SERVER_NAME': '0.0.0.0', 'SERVER_PORT': '9999'}}
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,503] [DEBUG] [satosa.base._load_state] [urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d] Loaded state {'SESSION_ID': 'urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d'} from cookie  _ga=GA1.2.1928801700.1729147367; _ga_R8TSBG6RMB=GS1.2.1732681261.9.0.1732681261.0.0.0; _hp2_props.3001039959=%7B%22Base.appName%22%3A%22Canvas%22%7D; _hp2_id.3001039959=%7B%22userId%22%3A%221983360643078916%22%2C%22pageviewId%22%3A%223955185603060480%22%2C%22sessionId%22%3A%228931659374261705%22%2C%22identity%22%3A%22uu-2-5a0e735754e31e6ed65568a25e701585be775f569195ef1217259a52be65da93-aBnMizi0Az3KJzfw5YssKxIjtQMk0eN5LLbvPCDn%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D; _ga_RWD7VEM8GR=GS1.2.1729806969.1.0.1729806969.0.0.0; _ga_TFJ43DV753=GS1.1.1731718030.1.1.1731718941.0.0.0
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,504] [DEBUG] [satosa.routing.endpoint_routing] [urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d] Routing path: touchstone/acs/post
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,505] [DEBUG] [satosa.routing._find_registered_endpoint_for_module] [urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d] Found registered endpoint: module name:'touchstone', endpoint: touchstone/acs/post
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,506] [INFO] [satosa.backends.saml2.authn_response] [urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d] {'message': 'Authentication failed', 'error': 'Received AuthN response without a SATOSA session cookie'}
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,507] [ERROR] [satosa.base.run] [urn:uuid:87a5b3ab-7b36-45b8-a4d5-8e4f86a0d10d] {'message': 'Missing SATOSA State', 'error': "{'message': 'Authentication failed', 'error': 'Received AuthN response without a SATOSA session cookie'}", 'error_id': 'urn:uuid:d5331036-2abb-496c-85c8-17b34568f09f'}
Feb 23 23:18:44 petrock gunicorn[1243483]: [2025-02-23 23:18:44,508] [ERROR] [satosa.proxy_server.__call__] {'message': 'Authentication failed', 'error': 'Received AuthN response without a SATOSA session cookie'}
Feb 23 23:18:44 petrock gunicorn[1243483]: Traceback (most recent call last):
Feb 23 23:18:44 petrock gunicorn[1243483]:   File "/home/oidc/.local/lib/python3.10/site-packages/satosa/proxy_server.py", line 160, in __call__
Feb 23 23:18:44 petrock gunicorn[1243483]:     resp = self.run(context)
Feb 23 23:18:44 petrock gunicorn[1243483]:   File "/home/oidc/.local/lib/python3.10/site-packages/satosa/base.py", line 268, in run
Feb 23 23:18:44 petrock gunicorn[1243483]:     resp = self._run_bound_endpoint(context, spec)
Feb 23 23:18:44 petrock gunicorn[1243483]:   File "/home/oidc/.local/lib/python3.10/site-packages/satosa/base.py", line 193, in _run_bound_endpoint
Feb 23 23:18:44 petrock gunicorn[1243483]:     return spec(context)
Feb 23 23:18:44 petrock gunicorn[1243483]:   File "/home/oidc/.local/lib/python3.10/site-packages/satosa/backends/saml2.py", line 419, in authn_response
Feb 23 23:18:44 petrock gunicorn[1243483]:     raise SATOSAMissingStateError(msg)
Feb 23 23:18:44 petrock gunicorn[1243483]: satosa.exception.SATOSAMissingStateError: {'message': 'Authentication failed', 'error': 'Received AuthN response without a SATOSA session cookie'}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,300] [DEBUG] [satosa.proxy_server.unpack_request] read request data: {}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,302] [DEBUG] [satosa.proxy_server.__call__] {'message': 'Proxy server received request', 'request_method': 'GET', 'request_uri': None, 'content_length': 0, 'request_data': {}, 'query_params': {}, 'http_headers': {'HTTP_HOST': 'localhost:9999', 'HTTP_CONNECTION': 'close', 'HTTP_ACCEPT': 'application/json', 'HTTP_USER_AGENT': 'openid-client/5.7.0 (https://github.com/panva/node-openid-client)', 'HTTP_ACCEPT_ENCODING': 'identity', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_PORT': '43170', 'HTTP_COOKIE': ''}, 'server_headers': {'SERVER_SOFTWARE': 'gunicorn/21.2.0', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SERVER_NAME': '0.0.0.0', 'SERVER_PORT': '9999'}}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,303] [DEBUG] [satosa.base._load_state] [urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13] Loaded state {'SESSION_ID': 'urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13'} from cookie
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,304] [DEBUG] [satosa.routing.endpoint_routing] [urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13] Routing path: .well-known/openid-configuration
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,305] [DEBUG] [satosa.routing.endpoint_routing] [urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13] Unknown backend .well-known
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,306] [DEBUG] [satosa.routing._find_registered_endpoint_for_module] [urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13] Found registered endpoint: module name:'oidc', endpoint: .well-known/openid-configuration
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,378] [DEBUG] [satosa.state.state_to_cookie] [urn:uuid:a5dfb666-d16b-4211-a207-e12fa0316c13] Saved state in cookie SATOSA_STATE with properties [('expires', ''), ('path', '/'), ('comment', ''), ('domain', ''), ('max-age', ''), ('secure', True), ('httponly', ''), ('version', ''), ('samesite', 'None')]
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,645] [DEBUG] [satosa.proxy_server.unpack_request] read request data: {'client_id': 'IJBCPLseBy1l', 'scope': 'openid email profile', 'response_type': 'code', 'redirect_uri': 'https://opengrades.mit.edu/api/auth/callback/mit-oidc', 'state': 'KcJLZUZiovnvbkJKCs6j_7ueNmmUi_d7-EqrYxwKYMs'}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,646] [DEBUG] [satosa.proxy_server.__call__] {'message': 'Proxy server received request', 'request_method': 'GET', 'request_uri': None, 'content_length': 0, 'request_data': {'client_id': 'IJBCPLseBy1l', 'scope': 'openid email profile', 'response_type': 'code', 'redirect_uri': 'https://opengrades.mit.edu/api/auth/callback/mit-oidc', 'state': 'KcJLZUZiovnvbkJKCs6j_7ueNmmUi_d7-EqrYxwKYMs'}, 'query_params': {'client_id': 'IJBCPLseBy1l', 'scope': 'openid email profile', 'response_type': 'code', 'redirect_uri': 'https://opengrades.mit.edu/api/auth/callback/mit-oidc', 'state': 'KcJLZUZiovnvbkJKCs6j_7ueNmmUi_d7-EqrYxwKYMs'}, 'http_headers': {'HTTP_HOST': 'localhost:9999', 'HTTP_CONNECTION': 'close', 'HTTP_CACHE_CONTROL': 'max-age=0', 'HTTP_UPGRADE_INSECURE_REQUESTS': '1', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', 'HTTP_SEC_FETCH_SITE': 'same-site', 'HTTP_SEC_FETCH_MODE': 'navigate', 'HTTP_SEC_FETCH_USER': '?1', 'HTTP_SEC_FETCH_DEST': 'document', 'HTTP_SEC_CH_UA': '"Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"', 'HTTP_SEC_CH_UA_MOBILE': '?0', 'HTTP_SEC_CH_UA_PLATFORM': '"Windows"', 'HTTP_REFERER': 'https://opengrades.mit.edu/', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br, zstd', 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.9,ko;q=0.8', 'HTTP_COOKIE': ' fpestid=WrDpXvn9yQkuXxAbGztRNc1XRWTfJlhA-mpzNX2l93MkPPBcEa1H_G8QCigarHTuqf_Fuw; _ga_GZC1B4EWQD=GS1.1.1721329303.1.1.1721329772.0.0.0; _ga_RSB5VZ24H4=GS1.2.1722031705.1.0.1722031705.0.0.0; _ga_9NP94J247X=GS1.1.1722353311.3.1.1722353967.0.0.0; _ga_R8E68YJSPK=GS1.1.1722354565.3.0.1722354591.0.0.0; _ga_DLLWT5K0XX=GS1.1.1722354444.6.1.1722354870.0.0.0; _ga_MZ0RMBZGSY=GS1.2.1724082817.1.0.1724082823.0.0.0; _ga_RWD7VEM8GR=GS1.2.1724082828.2.0.1724082828.0.0.0; _ga_03E2REYYWV=GS1.1.1724960329.2.0.1724960337.0.0.0; _ga_PW4Z02MCFS=GS1.1.1724960329.2.0.1724960337.0.0.0; _ga_B3YDHBHK16=GS1.1.1726105912.1.0.1726105943.0.0.0; _ga_9N690GFS8K=GS1.1.1726105912.1.0.1726105943.0.0.0; _cs_c=0; _cs_id=2b4daaed-527b-a1ca-89d2-225e8bef52fb.1726439128.1.1726439128.1726439128.1.1760603128328.1; _uetvid=69113f1073b111ef86400ba1f6006edb|1ond8lv|1726439128502|1|1|bat.bing.com/p/insights/c/d; _ga_6MBWVKL298=GS1.1.1726439128.1.0.1726439140.48.0.0; _ga_6QXGK7CKTT=GS1.1.1726444352.2.0.1726444355.57.0.0; __gsas=ID=d5e2704178dfab1a:T=1726585216:RT=1726585216:S=ALNI_MaLa1lCH7nn7oKL8I7-G5FhVTv7uw; _ga_YNG7LYHMFL=GS1.1.1726585199.1.1.1726586789.0.0.0; _ga_V6GE2CH3Y2=GS1.2.1726606665.1.1.1726606972.0.0.0; _ga_R25YX21CMW=GS1.2.1726890618.1.0.1726890618.0.0.0; _hjSessionUser_3696576=eyJpZCI6IjM1YTZjNWNhLWU1OTktNTYyMC05NDEzLTdmYmZkMDFiNDVlMSIsImNyZWF0ZWQiOjE3Mjk5NjUzNDkwMzMsImV4aXN0aW5nIjp0cnVlfQ==; _ga_YYT4ZZQG9P=GS1.1.1730071382.3.1.1730071600.0.0.0; _ga_VTJH3BHFP8=GS1.1.1730251411.1.0.1730251784.60.0.0; _ga_XTFKGPQK2R=GS1.1.1730251411.1.0.1730251784.60.0.0; _ga_NWDK3DX66P=GS1.1.1730321136.1.1.1730321609.60.0.0; _ce.s=v~89470efbbbf75afc71e2e4989fe205604023cfb8~lcw~1730321609468~vir~new~lva~1730321137317~vpv~0~v11.cs~81572~v11.s~eb02c970-96ff-11ef-bcf0-f767b485e741~v11.sla~1730321609472~v11.send~1730321609468~lcw~1730321609472; _ga_KZ09YHE6JS=GS1.1.1731016122.1.1.1731016149.0.0.0; __hstc=205621196.6b51054191d310e30841f10dc96d320a.1731192811819.1731192811819.1731192811819.1; hubspotutk=6b51054191d310e30841f10dc96d320a; _ga_QHQ7FX68QG=GS1.1.1731192811.1.0.1731192839.0.0.0; _ga_EW2QNH134R=GS1.1.1731613993.1.1.1731615063.0.0.0; _ga_85CR1KWHDW=GS1.2.1733354959.1.1.1733355115.0.0.0; _ga_7F0QY2CKEC=GS1.1.1733354959.1.1.1733355133.0.0.0; _ga_TB1HXSVPRG=GS1.1.1733354959.1.1.1733355133.0.0.0; _ga_EGEP5GKBT8=GS1.1.1733597091.1.0.1733597095.0.0.0; _ga_8LXP0KTQX1=GS1.1.1733938588.1.1.1733938643.0.0.0; _hp2_props.3001039959=%7B%22Base.appName%22%3A%22Canvas%22%7D; _hp2_id.3001039959=%7B%22userId%22%3A%228380098618431080%22%2C%22pageviewId%22%3A%228263404083042979%22%2C%22sessionId%22%3A%226190933744679632%22%2C%22identity%22%3A%22uu-2-2eb6e98b50646c7507132b2723e82dfc233c73df18214ed911653cc54338b536-aBnMizi0Az3KJzfw5YssKxIjtQMk0eN5LLbvPCDn%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D; _ga_Z4CT6X6KZ9=GS1.1.1738806238.1.0.1738806242.0.0.0; _ga_5BGKP7GP4G=GS1.2.1739409946.1.0.1739409946.0.0.0; _ga_342NG5FVLH=GS1.1.1739409946.1.1.1739410082.0.0.0; _hjSessionUser_3031228=eyJpZCI6IjBkMDZmNDBiLTU1YzQtNTc0YS1iYmNjLWI0MTFlNjNmMWUxOSIsImNyZWF0ZWQiOjE3Mzk0MDk5NDEwNTMsImV4aXN0aW5nIjp0cnVlfQ==; _ga_VYPEJGRDJF=GS1.1.1739409940.1.1.1739410105.0.0.0; _ga_YYFR1GWPHW=GS1.1.1739413109.1.0.1739413120.0.0.0; _ga_S5BH0KM7VB=GS1.2.1739905947.27.1.1739906072.0.0.0; _ga_0302HMZBJ8=GS1.1.1739921970.18.1.1739923555.0.0.0; _gcl_au=1.1.518602444.1739926326; _fbp=fb.1.1739926326150.532557184730761016; _ga_X3TNE87YPK=GS1.1.1739926325.1.1.1739926687.60.0.0; _ga_23PLH19HNX=GS1.1.1740008783.1.1.1740008943.0.0.0; _ga_R8TSBG6RMB=GS1.2.1740245189.69.0.1740245189.0.0.0; _ga_R6KRQHZJBT=GS1.1.1740272404.3.0.1740272404.0.0.0; _ga_5EVDWQ3TEC=GS1.1.1740273655.6.1.1740273691.0.0.0; fs_uid=#o-1V47MT-na1#26db6986-e5cc-49ec-8da7-fb30a42abda9:d15e9750-214d-41ec-9fb4-b34653504fc1:1740273689050::10#745ba53b#/1762218956; _ga=GA1.2.671589718.1739926326; _gid=GA1.2.1492661393.1740355120; _ga_HMGCPE01DS=GS1.2.1740355120.7.0.1740355120.0.0.0', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_PORT': '43180'}, 'server_headers': {'SERVER_SOFTWARE': 'gunicorn/21.2.0', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SERVER_NAME': '0.0.0.0', 'SERVER_PORT': '9999'}}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,652] [DEBUG] [satosa.base._load_state] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Loaded state {'SESSION_ID': 'urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4'} from cookie  fpestid=WrDpXvn9yQkuXxAbGztRNc1XRWTfJlhA-mpzNX2l93MkPPBcEa1H_G8QCigarHTuqf_Fuw; _ga_GZC1B4EWQD=GS1.1.1721329303.1.1.1721329772.0.0.0; _ga_RSB5VZ24H4=GS1.2.1722031705.1.0.1722031705.0.0.0; _ga_9NP94J247X=GS1.1.1722353311.3.1.1722353967.0.0.0; _ga_R8E68YJSPK=GS1.1.1722354565.3.0.1722354591.0.0.0; _ga_DLLWT5K0XX=GS1.1.1722354444.6.1.1722354870.0.0.0; _ga_MZ0RMBZGSY=GS1.2.1724082817.1.0.1724082823.0.0.0; _ga_RWD7VEM8GR=GS1.2.1724082828.2.0.1724082828.0.0.0; _ga_03E2REYYWV=GS1.1.1724960329.2.0.1724960337.0.0.0; _ga_PW4Z02MCFS=GS1.1.1724960329.2.0.1724960337.0.0.0; _ga_B3YDHBHK16=GS1.1.1726105912.1.0.1726105943.0.0.0; _ga_9N690GFS8K=GS1.1.1726105912.1.0.1726105943.0.0.0; _cs_c=0; _cs_id=2b4daaed-527b-a1ca-89d2-225e8bef52fb.1726439128.1.1726439128.1726439128.1.1760603128328.1; _uetvid=69113f1073b111ef86400ba1f6006edb|1ond8lv|1726439128502|1|1|bat.bing.com/p/insights/c/d; _ga_6MBWVKL298=GS1.1.1726439128.1.0.1726439140.48.0.0; _ga_6QXGK7CKTT=GS1.1.1726444352.2.0.1726444355.57.0.0; __gsas=ID=d5e2704178dfab1a:T=1726585216:RT=1726585216:S=ALNI_MaLa1lCH7nn7oKL8I7-G5FhVTv7uw; _ga_YNG7LYHMFL=GS1.1.1726585199.1.1.1726586789.0.0.0; _ga_V6GE2CH3Y2=GS1.2.1726606665.1.1.1726606972.0.0.0; _ga_R25YX21CMW=GS1.2.1726890618.1.0.1726890618.0.0.0; _hjSessionUser_3696576=eyJpZCI6IjM1YTZjNWNhLWU1OTktNTYyMC05NDEzLTdmYmZkMDFiNDVlMSIsImNyZWF0ZWQiOjE3Mjk5NjUzNDkwMzMsImV4aXN0aW5nIjp0cnVlfQ==; _ga_YYT4ZZQG9P=GS1.1.1730071382.3.1.1730071600.0.0.0; _ga_VTJH3BHFP8=GS1.1.1730251411.1.0.1730251784.60.0.0; _ga_XTFKGPQK2R=GS1.1.1730251411.1.0.1730251784.60.0.0; _ga_NWDK3DX66P=GS1.1.1730321136.1.1.1730321609.60.0.0; _ce.s=v~89470efbbbf75afc71e2e4989fe205604023cfb8~lcw~1730321609468~vir~new~lva~1730321137317~vpv~0~v11.cs~81572~v11.s~eb02c970-96ff-11ef-bcf0-f767b485e741~v11.sla~1730321609472~v11.send~1730321609468~lcw~1730321609472; _ga_KZ09YHE6JS=GS1.1.1731016122.1.1.1731016149.0.0.0; __hstc=205621196.6b51054191d310e30841f10dc96d320a.1731192811819.1731192811819.1731192811819.1; hubspotutk=6b51054191d310e30841f10dc96d320a; _ga_QHQ7FX68QG=GS1.1.1731192811.1.0.1731192839.0.0.0; _ga_EW2QNH134R=GS1.1.1731613993.1.1.1731615063.0.0.0; _ga_85CR1KWHDW=GS1.2.1733354959.1.1.1733355115.0.0.0; _ga_7F0QY2CKEC=GS1.1.1733354959.1.1.1733355133.0.0.0; _ga_TB1HXSVPRG=GS1.1.1733354959.1.1.1733355133.0.0.0; _ga_EGEP5GKBT8=GS1.1.1733597091.1.0.1733597095.0.0.0; _ga_8LXP0KTQX1=GS1.1.1733938588.1.1.1733938643.0.0.0; _hp2_props.3001039959=%7B%22Base.appName%22%3A%22Canvas%22%7D; _hp2_id.3001039959=%7B%22userId%22%3A%228380098618431080%22%2C%22pageviewId%22%3A%228263404083042979%22%2C%22sessionId%22%3A%226190933744679632%22%2C%22identity%22%3A%22uu-2-2eb6e98b50646c7507132b2723e82dfc233c73df18214ed911653cc54338b536-aBnMizi0Az3KJzfw5YssKxIjtQMk0eN5LLbvPCDn%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D; _ga_Z4CT6X6KZ9=GS1.1.1738806238.1.0.1738806242.0.0.0; _ga_5BGKP7GP4G=GS1.2.1739409946.1.0.1739409946.0.0.0; _ga_342NG5FVLH=GS1.1.1739409946.1.1.1739410082.0.0.0; _hjSessionUser_3031228=eyJpZCI6IjBkMDZmNDBiLTU1YzQtNTc0YS1iYmNjLWI0MTFlNjNmMWUxOSIsImNyZWF0ZWQiOjE3Mzk0MDk5NDEwNTMsImV4aXN0aW5nIjp0cnVlfQ==; _ga_VYPEJGRDJF=GS1.1.1739409940.1.1.1739410105.0.0.0; _ga_YYFR1GWPHW=GS1.1.1739413109.1.0.1739413120.0.0.0; _ga_S5BH0KM7VB=GS1.2.1739905947.27.1.1739906072.0.0.0; _ga_0302HMZBJ8=GS1.1.1739921970.18.1.1739923555.0.0.0; _gcl_au=1.1.518602444.1739926326; _fbp=fb.1.1739926326150.532557184730761016; _ga_X3TNE87YPK=GS1.1.1739926325.1.1.1739926687.60.0.0; _ga_23PLH19HNX=GS1.1.1740008783.1.1.1740008943.0.0.0; _ga_R8TSBG6RMB=GS1.2.1740245189.69.0.1740245189.0.0.0; _ga_R6KRQHZJBT=GS1.1.1740272404.3.0.1740272404.0.0.0; _ga_5EVDWQ3TEC=GS1.1.1740273655.6.1.1740273691.0.0.0; fs_uid=#o-1V47MT-na1#26db6986-e5cc-49ec-8da7-fb30a42abda9:d15e9750-214d-41ec-9fb4-b34653504fc1:1740273689050::10#745ba53b#/1762218956; _ga=GA1.2.671589718.1739926326; _gid=GA1.2.1492661393.1740355120; _ga_HMGCPE01DS=GS1.2.1740355120.7.0.1740355120.0.0.0
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,652] [DEBUG] [satosa.routing.endpoint_routing] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Routing path: touchstone/oidc/authorization
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,653] [DEBUG] [satosa.routing._find_registered_endpoint_for_module] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Found registered endpoint: module name:'oidc', endpoint: touchstone/oidc/authorization
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,654] [DEBUG] [satosa.frontends.openid_connect._handle_authn_request] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Authn req from client: client_id=IJBCPLseBy1l&scope=openid+email+profile&response_type=code&redirect_uri=https%3A%2F%2Fopengrades.mit.edu%2Fapi%2Fauth%2Fcallback%2Fmit-oidc&state=KcJLZUZiovnvbkJKCs6j_7ueNmmUi_d7-EqrYxwKYMs
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,660] [DEBUG] [pyop.provider.parse_authentication_request] parsed authentication_request: {'client_id': 'IJBCPLseBy1l', 'scope': 'openid email profile', 'response_type': 'code', 'redirect_uri': 'https://opengrades.mit.edu/api/auth/callback/mit-oidc', 'state': 'KcJLZUZiovnvbkJKCs6j_7ueNmmUi_d7-EqrYxwKYMs'}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,664] [INFO] [satosa.base._auth_req_callback_func] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Requesting provider: IJBCPLseBy1l
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,665] [DEBUG] [satosa.routing.backend_routing] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Routing to backend: touchstone
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,665] [INFO] [satosa.backends.saml2.get_idp_entity_id] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] {'message': 'Selected IdP', 'only_one': 'http://www.okta.com/exkfuqmlzchKIVXFZ697', 'target_entity_id': None, 'force_authn': None, 'memorized_idp': None, 'entity_id': 'http://www.okta.com/exkfuqmlzchKIVXFZ697'}
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,666] [DEBUG] [satosa.backends.saml2._prefer_matching_host] [urn:uuid:5f92e601-ff14-4fdf-8cc3-af8de3784eb4] Can't find an ACS URL to this hostname (localhost:9999), selecting the first one
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,668] [DEBUG] [saml2.mdstore.service] service(http://www.okta.com/exkfuqmlzchKIVXFZ697, idpsso_descriptor, single_sign_on_service, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
Feb 24 00:02:09 petrock gunicorn[1243483]: [2025-02-24 00:02:09,668] [DEBUG] [saml2.mdstore.service] service => [{'__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'location': 'https://okta.mit.edu/app/mitprod_petrocksipb_1/exkfuqmlzchKIVXFZ697/sso/saml'}]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions