Comments (8)
Are you using an official nginx config? This looks like a configuration issue with your proxy. I'd also suggest submitting a HAR file as this can't be replicated and this interaction is tested in integration testing.
from authelia.
In what sense configuration issue with the nginx proxy? nginx doesn't know about authelia URLs, authelia knows so why the nginx proxy configuration would ever redirect to an authelia specific URL like api/auth/error and then, once this part of the URL is manually removed from the browser address bar, the actual application is loaded?
It might be an authelia related (mis)configuration and the authelia configuration is already attached to the case - in addition, even if it is clear that authelia did actually successfully authenticate the user (because, if I manually remove the api/auth/error from the address bar the correct app is loaded) instead of forwarding me to the app it just shows the error screen with the api/auth/error URL. Why would it do that?
I understand this is tested but authelia has so many proxy combinations which it supports that testing against each and every proxy with each and every configuration combination (valid) is virtually impossible - It's powerful to support so many proxies but it is also more difficult to be sure what works when. For instance maybe people use Authelia mostly with NGINX proxy manager and I just configure authelia with plain nginx and this combination (maybe) is not so much tested like nginx proxy manager.
from authelia.
If it helps I did use the official authelia documentation for nginx integration and I also looked how swag linuxserver/reverse-proxy-confs is integrating authelia with nginx.
https://github.com/linuxserver/reverse-proxy-confs
from authelia.
I just noticed that, after an expired session, it shows me to login and the URL starts by being
/?rd=https%3A%2F%2Fsubdomain2.subdomain.domain.org%2Fapi%2Fauth%2Ferror
Notice the %2Fapi%2Fauth%2Ferror at the end of the URL => it is redirecting to %2Fapi%2Fauth%2Ferror
this is not what is expected - what is expected is, even after expired session, to provide good credentials and to login to the app and not to see an error screen with an %2Fapi%2Fauth%2Ferror URL after correct credentials are provided
from authelia.
> In what sense configuration issue with the nginx proxy? nginx doesn't know about authelia URLs, authelia knows so why the nginx proxy configuration would ever redirect to an authelia specific URL like api/auth/error and then, once this part of the URL is manually removed from the browser address bar, the actual application is loaded?
None of those URLs you're having issues with are Authelia's URLs. /api/auth/error and /api/auth/_log are not paths we use.
> Notice the %2Fapi%2Fauth%2Ferror at the end of the URL => it is redirecting to %2Fapi%2Fauth%2Ferror
I understand what's happening, but it's not Authelia making this redirection or is very unlikely to be. The HAR or network tab of your browser will reveal the correct redirection to the FULL URL that's in the RD parameter https://subdomain2.subdomain.domain.org/api/auth/error, then when you've been redirected to https://subdomain2.subdomain.domain.org/api/auth/error the application itself or the proxy are redirecting you to /api/auth/error.
from authelia.
Any updates?
from authelia.
Yes, you were right /api/auth/error comes from next-auth which is used by the protected app and most likely next-auth session expired and, together with authelia being expired, it shows the /?rd=https%3A%2F%2Fsubdomain2.subdomain.domain.org%2Fapi%2Fauth%2Ferror
I increased the next-auth session maxAge to see if it will make any difference.
from authelia.
Alright, awesome. I'll close this off. You're welcome to open another bug report, reopen this one with a reply, or open a discussion regarding next auth if you can't figure it out.
from authelia.
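Added example, not code from the thread or from the Authelia project: one way to act on the HAR suggestion above is to list every redirect in the capture, decode the `rd` parameter, and report which host first put `/api/auth/error` into the chain. The HAR fragment is constructed, `auth.example.org` is a placeholder for the portal host (the thread never shows it), and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed HAR fragment. auth.example.org is a placeholder portal host;
# the thread never shows the real one.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://subdomain2.subdomain.domain.org/api/auth/error"},
    "response": {"status": 302, "headers": [{
        "name": "Location",
        "value": "https://auth.example.org/?rd=https%3A%2F%2Fsubdomain2"
                 ".subdomain.domain.org%2Fapi%2Fauth%2Ferror"}]},
}]}}


def redirect_hops(har):
    """List every 3xx response in a HAR: which host issued it and where it points."""
    hops = []
    for entry in har["log"]["entries"]:
        resp = entry["response"]
        if not 300 <= resp["status"] < 400:
            continue
        location = resp.get("redirectURL") or next(
            (h["value"] for h in resp.get("headers", [])
             if h["name"].lower() == "location"), "")
        if not location:
            continue
        src = entry["request"]["url"]
        target = urljoin(src, location)  # Location may be relative
        rd = parse_qs(urlsplit(target).query).get("rd", [None])[0]  # percent-decoded
        hops.append({"issuer": urlsplit(src).netloc, "from": src,
                     "to": target, "rd": rd})
    return hops


def origin_of_path(hops, path):
    """Find the first hop that mentions `path` and say how it got there."""
    for hop in hops:
        if urlsplit(hop["to"]).path == path:
            return hop["issuer"], "direct"  # this host redirected to the path
        if hop["rd"] and urlsplit(hop["rd"]).path == path:
            # If the browser was already requesting the path, rd only carries it.
            carried = urlsplit(hop["from"]).path == path
            return hop["issuer"], "carried-in-rd" if carried else "set-in-rd"
    return None, None


if __name__ == "__main__":
    for hop in redirect_hops(SAMPLE_HAR):
        print(hop["issuer"], "->", hop["to"], "| rd =", hop["rd"])
    print(origin_of_path(redirect_hops(SAMPLE_HAR), "/api/auth/error"))
```

A `carried-in-rd` result means the browser was already requesting `/api/auth/error` on the application host before the login portal was involved, so the portal is only returning the user to the URL it was handed.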