What happened?
I’m trying to integrate pomerium with miniorange as my IdP solution (https://www.miniorange.com/) using OpenID Connect.
I’m able to log in to miniorange, and I’m redirected back to pomerium, but upon redirection I get the following error:
What’s your environment like?
- pomerium/pomerium:latest
(pomerium: 0.16.0-1640214477+45a348de
envoy: 1.19.1+c5ecc1e167273edac76f6c07f980ed5a728f4b7e077679d74cfbc59c087933e5)
What’s your config.yaml?
authenticate_service_url: https://authenticate.xxxx.dev
certificate_file: /pomerium/cert.pem
certificate_key_file: /pomerium/privkey.pem
pomerium_debug: true
tls_skip_verify: true
idp_provider: oidc
idp_provider_url: http://identityprovider.xxx.dev
idp_client_id: xxxxxxx
idp_client_secret: xxxxxxx
cookie_secret: xxxxxxxxx
routes:
  - from: https://verify.xxxx.dev
    to: http://verify:8000
    policy:
      - allow:
          or:
            - email:
                is: user@example.com
    pass_identity_headers: true

version: "3"
services:
  pomerium:
    image: pomerium/pomerium:latest
    volumes:
      - ./_wildcard.xxx.dev.pem:/pomerium/cert.pem:ro
      - ./_wildcard.xxx.dev-key.pem:/pomerium/privkey.pem:ro
      - ./config.yaml:/pomerium/config.yaml:ro
    ports:
      - 443:443
  verify:
    image: pomerium/verify:latest
    expose:
      - 8080
What did you see in the logs?
pomerium_1 | 5:51PM INF http-request authority=authenticate.xxxx.dev duration=1.379121 forwarded-for=x.x.x.x method=GET path=/.pomerium/sign_in referer= request-id=67551413-7842-4ceb-a7a8-922adf7d78c9 response-code=302 response-code-details=via_upstream service=envoy size=801 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:51PM INF http-request authority=authenticate.xxxx.dev duration=29.270744 forwarded-for=x.x.x.x method=GET path=/oauth2/callback referer= request-id=f9d75864-1741-4873-aeb7-5fe46db74047 response-code=500 response-code-details=via_upstream service=envoy size=11490 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:51PM INF authorize check allow=false allow-why-false=["non-pomerium-route","user-unauthenticated"] check-request-id=bb53fcb5-7458-4e8b-9872-876c6c377bb9 databroker_record_version=4 databroker_server_version=4276235024113713087 deny=false deny-why-false=["valid-client-certificate-or-none-required"] email= host=verify.xxx..dev method=GET path=/ query= request-id=5d57e67f-09b0-4a21-a130-42a106705848 service=authorize user=
pomerium_1 | 5:51PM INF authenticate: session load error error="Bad Request: internal/sessions: session is not found" X-Forwarded-For=["x.x.x.x"] X-Forwarded-Proto=["https"] ip=127.0.0.1 request-id=eac6f8cc-c550-49d5-b62f-b3a431f2b874 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:51PM INF http-request authority=verify.xxx..dev duration=4.791906 forwarded-for=x.x.x.x method=GET path=/ referer= request-id=bb53fcb5-7458-4e8b-9872-876c6c377bb9 response-code=302 response-code-details=ext_authz_denied service=envoy size=11281 upstream-cluster= user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:51PM INF http-request authority=authenticate.xxxx.dev duration=1.050713 forwarded-for=x.x.x.x method=GET path=/.pomerium/sign_in referer= request-id=eac6f8cc-c550-49d5-b62f-b3a431f2b874 response-code=302 response-code-details=via_upstream service=envoy size=801 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:52PM INF http-request authority=authenticate.xxxx.dev duration=24.92803 forwarded-for=x.x.x.x method=GET path=/oauth2/callback referer=identityprovider.xxx.dev/ request-id=18031faf-2c13-4ab0-a928-45b53be5c8fa response-code=500 response-code-details=via_upstream service=envoy size=11490 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:52PM INF http-request authority=authenticate.xxxx.dev duration=83.210135 forwarded-for=x.x.x.x method=GET path=/oauth2/callback referer= request-id=523269d2-e119-41e4-af84-c4f88bc5a8f2 response-code=500 response-code-details=via_upstream service=envoy size=11550 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
pomerium_1 | 5:52PM INF http-request authority=authenticate.xxxx.dev duration=8.6032 forwarded-for=x.x.x.x method=GET path=/oauth2/callback referer= request-id=44aaa8c5-4f55-4d35-9ae2-096031f8703d response-code=500 response-code-details=via_upstream service=envoy size=11550 upstream-cluster=pomerium-control-plane-http user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"