Sachin

Reputation: 527

Spring OAuthClient fails on 2nd login attempt - Auth Server succeeds on both - Concurrent Sessions set to > 1

I'm looking for some help.

I'm not sure why it is that when I try logging in via an OAuthClient to my Auth Server, it succeeds on the 1st try, and I get redirected back to the login page. But when I try logging in again via the OAuthClient, that fails, even though the AuthServer succeeds every time? I have set max concurrent sessions to 5, but I do notice that on each login attempt the Session ID gets reset (SESSION: between Angular and the OAuthClient).

Here are my logs:

Login attempt 1:
Session ID: 1a7718ab-dcc2-4d83-a5fa-6a1e304d7864
Session Attributes before update: {}
Session Attributes after update: {post_login_failure_uri=http://localhost:7080/angular-ui/login-error, post_login_success_uri=http://localhost:7080/angular-ui/home}
RUNNING REDIRECT STRATEGY: 302 FOUND
ON SUCCESSFUL REDIRECT URI: http://localhost:7080/angular-ui/home
RUNNING REDIRECT STRATEGY: 302 FOUND
Removing matching request for http://localhost:7080/bff/login-options

Login attempt 2:
Session ID: a63df846-a55c-432c-a11e-6d095e259dcb
Session Attributes before update: {}
Session Attributes after update: {post_login_failure_uri=http://localhost:7080/angular-ui/login-error, post_login_success_uri=http://localhost:7080/angular-ui/home}
RUNNING REDIRECT STRATEGY: 302 FOUND
ON FAILURE REDIRECT URI: http://localhost:7080/angular-ui/login-error
URI with Query Parameters: http://localhost:7080/angular-ui/login-error?error=%5Bauthorization_request_not_found%5D%20
RUNNING REDIRECT STRATEGY: 302 FOUND
Removing matching request for http://localhost:7080/bff/login-options
Removing matching request for http://localhost:7080/bff/login-options

Login attempt 3:
Session ID: a63df846-a55c-432c-a11e-6d095e259dcb
Why does this extra attribute appear in attributes?
Session Attributes before update: {post_login_failure_uri=http://localhost:7080/angular-ui/login-error, post_login_success_uri=http://localhost:7080/angular-ui/home, org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository.AUTHORIZATION_REQUEST=org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest@7c949b1f}
Session Attributes after update: {post_login_failure_uri=http://localhost:7080/angular-ui/login-error, post_login_success_uri=http://localhost:7080/angular-ui/home, org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository.AUTHORIZATION_REQUEST=org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest@7c949b1f}
RUNNING REDIRECT STRATEGY: 302 FOUND
ON FAILURE REDIRECT URI: http://localhost:7080/angular-ui/login-error
URI with Query Parameters: http://localhost:7080/angular-ui/login-error?error=%5Bauthorization_request_not_found%5D%20
RUNNING REDIRECT STRATEGY: 302 FOUND
Removing matching request for http://localhost:7080/bff/login-options

GitHub repository https://github.com/dreamstar-enterprises/docs/tree/master/Spring%20BFF/bff

Relevant files

OAuth2 Success Handler: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/handlers/OAuth2ServerAuthenticationSuccessHandler.kt

OAuth2 Failure Handler: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/handlers/OAuth2ServerAuthenticationFailureHandler.kt

OAuth2 Request Resolver: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/resolvers/OAuthAuthorizationRequestResolver.kt

SessionRegistry: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/sessions/SessionRegistryConfig.kt

WebSessionStore: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/sessions/WebSessionStoreConfig.kt

Cookies: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/cookies/CookiesConfig.kt

ConcurrentSessionControl: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/auth/handlers/ConcurrentSessionControlServerAuthenticationSuccessHandler.kt

Application Properties: https://github.com/dreamstar-enterprises/docs/blob/master/Spring%20BFF/bff/props/AppPropertiesConfig.kt (see Session Properties, and Spring Session Properties)

Note, even though in the properties I set the session cookie to be called "SESSIONID", it's actually called SESSION in Angular. The JSESSIONID is from the AuthServer. Also, I have no idea where the first SESSION ID is from: 67e9c54e-d6aa-4c00-bf05-fffc5f6e7263 (I don't see that being issued in any of my 3 login attempts).

Can somebody please help?

Upvotes: 0

Views: 32

Answers (0)
