Hello dear community,
I recently updated to version 2 and since then I always get "Session expired" when I try to update/save something via the UI. I even tried with a clean installation, same problem. My setup:
- I run SCM-Manager in a container via Docker Compose, local port 10002
- I run an Apache reverse proxy before it, configured as stated in the wiki:
AllowEncodedSlashes NoDecode
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
ProxyPass / http://localhost:10002/ nocanon
ProxyPassReverse / http://localhost:10002/
<Location /scm>
Order allow,deny
Allow from all
</Location>
- The reverse proxy acts as TLS endpoint listening on 443
- The called URLs are correctly set to https
I can access the page, I can log in, I can talk to the repos via SSH. All fine. Except when I try to change something, like settings, adding a plugin, creating a new repo, etc. I always get a 401 response.
I enabled trace logging to see what is going on and, on the problematic actions, always get this:
scm_manager_1 | 2020-12-22 10:09:20.064 [qtp120694604-17] [ ] TRACE sonia.scm.web.filter.AuthenticationFilter - generated web token class sonia.scm.security.BearerToken from generator class sonia.scm.web.CookieBearerWebTokenGenerator
scm_manager_1 | 2020-12-22 10:09:20.064 [qtp120694604-17] [ ] TRACE sonia.scm.web.filter.AuthenticationFilter - found authentication token on request, start authentication
scm_manager_1 | 2020-12-22 10:09:20.067 [qtp120694604-17] [ ] TRACE sonia.scm.web.filter.AuthenticationFilter - found basic authorization header, start authentication
scm_manager_1 | 2020-12-22 10:09:20.067 [qtp120694604-17] [ ] DEBUG sonia.scm.security.ApiKeyRealm - Ignoring non base 64 token; this is probably a JWT token or a normal password
scm_manager_1 | 2020-12-22 10:09:20.073 [qtp120694604-17] [ ] TRACE sonia.scm.store.JAXBConfigurationEntryStore - get item scmadmin from configuration store
scm_manager_1 | 2020-12-22 10:09:20.081 [qtp120694604-17] [ ] DEBUG sonia.scm.security.JwtAccessTokenResolver - token AxSJtO3Ua2 is invalid, marked by validator class sonia.scm.security.XsrfAccessTokenValidator
scm_manager_1 | 2020-12-22 10:09:20.106 [qtp120694604-17] [ ] TRACE sonia.scm.web.filter.AuthenticationFilter - handle token validation failed exception
scm_manager_1 | 2020-12-22 10:09:20.108 [qtp120694604-17] [ ] TRACE sonia.scm.web.filter.AuthenticationFilter - send unauthorized, because of a failed token validation
scm_manager_1 | 2020-12-22 10:09:20.112 [qtp120694604-17] [ ] TRACE sonia.scm.security.DefaultKeyGenerator - create new key 5GSJtOveCE
scm_manager_1 | 2020-12-22 10:09:20.131 [qtp120694604-17] [5GSJtOveCE] TRACE sonia.scm.store.JAXBConfigurationEntryStore - get item scmadmin from configuration store
scm_manager_1 | 2020-12-22 10:09:20.132 [qtp120694604-17] [5GSJtOveCE] DEBUG sonia.scm.security.JwtAccessTokenResolver - token AxSJtO3Ua2 is invalid, marked by validator class sonia.scm.security.XsrfAccessTokenValidator
scm_manager_1 | 2020-12-22 10:09:20.132 [qtp120694604-17] [5GSJtOveCE] TRACE sonia.scm.web.security.TokenRefreshFilter - could not resolve token
scm_manager_1 | sonia.scm.security.TokenValidationFailedException: Token validator class sonia.scm.security.XsrfAccessTokenValidator failed for access token AxSJtO3Ua2
scm_manager_1 | at sonia.scm.security.JwtAccessTokenResolver.validate(JwtAccessTokenResolver.java:92)
... STACKTRACE ...
scm_manager_1 | 2020-12-22 10:09:20.136 [qtp120694604-17] [5GSJtOveCE] DEBUG sonia.scm.security.SecurityRequestFilter - blocked unauthenticated request to method public javax.ws.rs.core.Response sonia.scm.api.v2.resources.ConfigResource.update(sonia.scm.api.v2.resources.ConfigDto)
I am at a loss here and probably missing something obvious.
I've looked through the docs time and again, but I can't seem to find any more things I need to set up except the reverse proxy config...
Any help would be appreciated!
Regards,
Maurice
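A triage helper for trace output like the excerpt in the post above, added here as an example; it is not part of the original post and not SCM-Manager code. The function name `summarize` and the regular expressions are assumptions derived only from the layout of the quoted log lines, and the sample lines are copied from the post. It reports, per Jetty worker thread, which validator class rejected which token and which API method was then blocked.

```python
import re
from collections import defaultdict

# Layout of the docker-compose log lines quoted in the post (assumed from them):
# container | date time [thread] [transaction id] LEVEL logger - message
LINE = re.compile(
    r"^(?P<container>\S+)\s*\|\s*(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) "
    r"\[(?P<thread>[^\]]+)\] \[(?P<txn>[^\]]*)\] (?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+) - (?P<msg>.*)$"
)
REJECTED = re.compile(r"token (\S+) is invalid, marked by validator class (\S+)")
BLOCKED = re.compile(r"blocked unauthenticated request to method .*? (\S+)\(")

def summarize(lines):
    """Group token rejections and blocked API methods by worker thread."""
    out = defaultdict(lambda: {"rejections": set(), "blocked": []})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:  # exception headers and stack frames carry no timestamp
            continue
        entry = out[m["thread"]]
        if (r := REJECTED.search(m["msg"])):
            # keep the token id and the short validator class name
            entry["rejections"].add((r[1], r[2].rsplit(".", 1)[-1]))
        elif (b := BLOCKED.search(m["msg"])):
            entry["blocked"].append(b[1])
    return dict(out)

# Sample input: lines copied from the log excerpt in the post.
SAMPLE = """
scm_manager_1 | 2020-12-22 10:09:20.081 [qtp120694604-17] [ ] DEBUG sonia.scm.security.JwtAccessTokenResolver - token AxSJtO3Ua2 is invalid, marked by validator class sonia.scm.security.XsrfAccessTokenValidator
scm_manager_1 | 2020-12-22 10:09:20.132 [qtp120694604-17] [5GSJtOveCE] DEBUG sonia.scm.security.JwtAccessTokenResolver - token AxSJtO3Ua2 is invalid, marked by validator class sonia.scm.security.XsrfAccessTokenValidator
scm_manager_1 | sonia.scm.security.TokenValidationFailedException: Token validator class sonia.scm.security.XsrfAccessTokenValidator failed for access token AxSJtO3Ua2
scm_manager_1 | at sonia.scm.security.JwtAccessTokenResolver.validate(JwtAccessTokenResolver.java:92)
scm_manager_1 | 2020-12-22 10:09:20.136 [qtp120694604-17] [5GSJtOveCE] DEBUG sonia.scm.security.SecurityRequestFilter - blocked unauthenticated request to method public javax.ws.rs.core.Response sonia.scm.api.v2.resources.ConfigResource.update(sonia.scm.api.v2.resources.ConfigDto)
""".splitlines()

if __name__ == "__main__":
    for thread, info in summarize(SAMPLE).items():
        print(thread, sorted(info["rejections"]), info["blocked"])
```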