Hi Domingos,
The "session not started" error from Engineblock means that your browser sends an assertion to the
ACS location of Engineblock after logging in at the IdP, without a session cookie, or with an
invalid session cookie. If this problem is only happening in Google Chrome, you might encounter
issues relating to the change in behaviour regarding the SameSite cookie parameter in Google Chrome.
Some more information on that issue can be found here:
https://wiki.surfnet.nl/display/surfconextdev/Default+cookie+SameSite+attribute+behaviour+change
and here:
https://www.chromium.org/updates/same-site
Regards,
Bart
On 8/28/20 7:01 PM, Domingos Gonçalves wrote:
> Hi,
>
> we would like to have some help to understand an issue we are facing on *OIDCNG.*
>
> After a successful authentication for instance on *oidc-playground* interface, using *Oauth2*
> protocol, after some minutes (ex. more then 5) if we try to reuse a session we receive an error
> saying "*No session found*"
>
> Bellow you can see the test we performed at *16:07:35* using the *OIDC Playground*.
>
> Our environment:
>
> |
> -------------------------------------------
> [ papp01 ]
> Component [Version|Status]
> -------------------------------------------
> Engine [6.1.3 |UP ]
> Engine-API [6.1.3 |UP ]
> OIDCNG [3.1.4 |UP ]
> OIDC-PLAYGROUND [2.3.1 |UP ]
> -------------------------------------------
> |
>
>
>
> Log at */var/log/oidcng/oidcng.log*
>
> |
> 2020-08-2816:00:00,005 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AccessToken
> 2020-08-2816:00:00,008 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.RefreshToken
> 2020-08-2816:00:00,011 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AuthorizationCode
> 2020-08-2816:00:00,014 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AuthenticationRequest
> 2020-08-2816:00:00,018 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.User
> 2020-08-2816:00:00,020 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.UserConsent
> |
>
>
>
> *Step 1*
>
> Started the test at 16:07:34
>
>
>
> You can see the log on the file in attach *first_submit.log*
>
> After that authentication we wait some time, maintaining the browser...
>
>
>
> *Step 2*
>
> At 16:14:40 I submitted the same form again and received the following error
>
>
>
>
> You can see the log on the file in attach *second_submit.log*
>
>
> Looking at *oidcng* log */var/log/oidcng/oidcng.log* we can see that were deleted some
> *AuthenticationCode* and *AuthenticationRequest*
>
> |
> 2020-08-2816:15:00,006 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AccessToken
> 2020-08-2816:15:00,010 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.RefreshToken
> 2020-08-2816:15:00,013 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted2instances of
> classoidc.model.AuthorizationCode
> 2020-08-2816:15:00,016 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AuthenticationRequest
> 2020-08-2816:15:00,023 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.User
> 2020-08-2816:15:00,027 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.UserConsent
> 2020-08-2816:30:00,006 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.AccessToken
> 2020-08-2816:30:00,009 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.RefreshToken
> 2020-08-2816:30:00,011 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted1instances of
> classoidc.model.AuthorizationCode
> 2020-08-2816:30:00,014 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted6instances of
> classoidc.model.AuthenticationRequest
> 2020-08-2816:30:00,027 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.User
> 2020-08-2816:30:00,030 INFO [scheduling-1]oidc.secure.ResourceCleaner:82-Deleted0instances of
> classoidc.model.UserConsent
> |
>
> End of test....
>
> We saw this behavior in another situations.
>
> Did the *OIDCNG* close the sessions after a few minutes?
>
> Are this session clean controlled by the configs on */opt/oidcng/application.yml* ?
>
> |
> server:
> session:
> timeout:28800
> cookie:
> secure:true
>
> spring:
> security:
> saml2:
> network:
> read-timeout:30000
> connect-timeout:15000
> |
>
> Any idea?
>
> Regards,
> Domingos
>
> --
> OpenConext - Open For Collaboration
> ---
> You received this message because you are subscribed to the Google Groups "OpenConext Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
>
openconext+...@googlegroups.com <mailto:
openconext+...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/openconext/9a953cfa-b0c9-4022-b72f-6f584b5e8817o%40googlegroups.com <
https://groups.google.com/d/msgid/openconext/9a953cfa-b0c9-4022-b72f-6f584b5e8817o%40googlegroups.com?utm_medium=email&utm_source=footer>.