
Comments (12)

lincentma avatar lincentma commented on August 17, 2024 2

@TorresMat
Hi, I met the same problem: after redirection, Undefined index: openid_connect_state.
I tried to modify the redirection's request and response, but the problem appeared randomly sometimes.
Could you please share the modification about the cache control?
Thank you.

from openid-connect-php.

bisaeed avatar bisaeed commented on August 17, 2024 2

I used a cookie instead of a session and my problem was solved

class myOpenId extends Jumbojett\OpenIDConnectClient {

    // Key used by encryptCookie()/decryptCookie() below (placeholder value)
    private $encryptPassword = "xxxxxxxx";

    public function __construct($provider_url = null, $client_id = null, $client_secret = null, $issuer = null)
    {
        parent::__construct($provider_url, $client_id, $client_secret, $issuer);
    }

    // Read the value from the request cookies instead of $_SESSION
    protected function getSessionKey($key)
    {
        // A missing cookie yields null instead of an "Undefined index" notice
        return $_COOKIE[$key] ?? null;
    }

    // Store the value in a cookie valid for 20 days (1728000 seconds) on path "/"
    protected function setSessionKey($key, $value)
    {
        setcookie($key, $value, time() + 1728000, '/');
    }

    protected function unsetSessionKey($key)
    {
        // Expire the cookie in the browser as well as dropping the local copy
        setcookie($key, '', time() - 3600, '/');
        unset($_COOKIE[$key]);
    }

    // State and nonce are encrypted before they are written to the cookie
    protected function setState($state)
    {
        $this->setSessionKey('openid_connect_state', $this->encryptCookie($state));
        return $state;
    }

    protected function getState()
    {
        return $this->decryptCookie($this->getSessionKey('openid_connect_state'));
    }

    protected function setNonce($nonce) {
        $this->setSessionKey('openid_connect_nonce', $this->encryptCookie($nonce));
        return $nonce;
    }

    protected function getNonce() {
        return $this->decryptCookie($this->getSessionKey('openid_connect_nonce'));
    }

    // AES-128-ECB encrypts the value but does not authenticate it
    protected function encryptCookie($value)
    {
        return openssl_encrypt($value, "AES-128-ECB", $this->encryptPassword);
    }

    protected function decryptCookie($value)
    {
        return openssl_decrypt($value, "AES-128-ECB", $this->encryptPassword);
    }
}

from openid-connect-php.
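A hardened take on the cookie approach in the comment above, as an added example that is not code from the thread or from the library: the value is sealed with AES-256-GCM so a modified cookie is rejected, and the cookie is short-lived with the Secure, HttpOnly and SameSite attributes set. It assumes PHP 7.3+, the untyped method signatures shown in that comment, and a library version that routes state and nonce through getSessionKey()/setSessionKey(); HardenedCookieOidcClient and setCookieKey() are hypothetical names.

```php
<?php
// Added example; HardenedCookieOidcClient and setCookieKey() are hypothetical names.
use Jumbojett\OpenIDConnectClient;
class HardenedCookieOidcClient extends OpenIDConnectClient
{
    private $cookieKey; // 32 random bytes held only on the server

    public function setCookieKey($rawKey)
    {
        if (!is_string($rawKey) || strlen($rawKey) !== 32) {
            throw new InvalidArgumentException('cookie key must be 32 raw bytes');
        }
        $this->cookieKey = $rawKey;
    }

    private function cookieOptions($expires)
    {
        // Lax is still sent on the IdP's top-level GET redirect back; a form_post callback is not.
        return ['expires' => $expires, 'path' => '/', 'secure' => true,
                'httponly' => true, 'samesite' => 'Lax'];
    }

    protected function setSessionKey($key, $value)
    {
        $iv = random_bytes(12); // fresh 96-bit nonce per write
        // The cookie name is bound as AAD, so a sealed nonce cannot be swapped in as a state.
        $ct = openssl_encrypt((string) $value, 'aes-256-gcm', $this->cookieKey,
                              OPENSSL_RAW_DATA, $iv, $tag, $key);
        setcookie($key, base64_encode($iv . $tag . $ct), $this->cookieOptions(time() + 600));
    }

    protected function getSessionKey($key)
    {
        $raw = base64_decode($_COOKIE[$key] ?? '', true);
        if ($raw === false || strlen($raw) <= 28) {
            return null; // missing or malformed cookie: no notice, no state
        }
        // Decryption returns false if the cookie was modified or moved to another name.
        $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->cookieKey,
                              OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), $key);
        return $pt === false ? null : $pt;
    }

    protected function unsetSessionKey($key)
    {
        setcookie($key, '', $this->cookieOptions(time() - 3600)); // expire it in the browser too
        unset($_COOKIE[$key]);
    }
}
```

Call setCookieKey() with a key loaded from server-side configuration before authenticate(); on library versions whose getState() reads $_SESSION directly, the state and nonce accessors need overriding as well, as the comment above does.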

 avatar commented on August 17, 2024 1

The same thing happened to me yesterday. I solved it by doing two things and now it's working... I really think it's the second one that fixed it:

  1. I read somewhere that Symfony saves the session when the action in the controller ends. This library is making use of the session inside and redirects by setting the "location" header, not giving the chance to the Symfony Framework to persist the session.

  2. The action that I was using to redirect to my idp was being cached by the browser (it was a redirect response to the auth endpoint). The action named "/oidc_login" was never executed and when the user agent came back to the redirect URI there was no data in session (no state for example). I modified this code so the redirection can be made from the controller and set the cache-control and all-that-cache-header stuff so the redirect response won't get cached by the browser/varnish/whatever is in the middle. Maybe you can include those headers in the "redirect" method.

Bye! Thanks for OpenIdConnect-PHP!

from openid-connect-php.

jumbojett avatar jumbojett commented on August 17, 2024

@Bubomir Thanks for the feedback. What version of PHP are you using? What provider are you trying to connect to?

I would make sure PHP SESSIONS are working properly. Set your debugger near the following and verify the state is able to be set.

$state = $this->setState($this->generateRandString());

I hope this helps.

from openid-connect-php.

LubomirIgonda1 avatar LubomirIgonda1 commented on August 17, 2024

I'm using

PHP 7.0.18 with Symfony 3.3.0

my test provider is

https://mojeid.fred.nic.cz/

link to doc:

https://www.mojeid.cz/dokumentace/html/

The state is never set when I tried to verify it.

I think it is because there is a condition before it, on line 234, where $this->getState() is called before the setState() call.

if ($_REQUEST['state'] != $this->getState()) {
    throw new OpenIDConnectClientException("Unable to determine state");
}

Or maybe it is some issue with Symfony...

from openid-connect-php.

ashishnarola avatar ashishnarola commented on August 17, 2024

@jumbojett can you please help us to fix this issue? I think the issue is because of the session only.
PFB:
https://prnt.sc/mtnlg4

My service provider is "Sparkplatform.com"

Looking forward to your kind help.

Thanks.

from openid-connect-php.

 avatar commented on August 17, 2024

Hi! Never noticed this comment here. I'll try to remember this when I get back home tomorrow. @ashishnarola are you using Symfony or just PHP? The same question goes for @lincentma. Sorry for the late reply!

@TorresMat
Hi, I met the same problem: after redirection, Undefined index: openid_connect_state.
I tried to modify the redirection's request and response, but the problem appeared randomly sometimes.
Could you please share the modification about the cache control?
Thank you.

from openid-connect-php.

PWalkow avatar PWalkow commented on August 17, 2024

@TorresMat Can you please show us how you have fixed this redirection from the Symfony controller?
As the library just changes the location in the header, we have the same problem here when trying to connect/authenticate (Undefined index: openid_connect_state).

from openid-connect-php.

 avatar commented on August 17, 2024

Well, I haven't tried with the newest versions of this library. From what I can see, there are some changes in how the library accesses the PHP session.

Earlier in this post I stated that there might be 2 causes for this, and that I was more inclined to think that the second one was the problem:

  1. The fact that Symfony saves the session at the end of the controller action and that the OpenIdConnectClient class makes use of the $_SESSION array combined with a 302 redirect, thus not allowing the controller action/function to end.
  2. The redirect method inside the OpenIdConnectClient class that was making a redirect with no cache-control header.

From what I can see now, I don't think "reason 2" was the problem because the redirect method inside OpenIDConnectClient is making a 302 temporary redirect and I don't think the browser is caching this because only permanent redirects should be cached. The problem must be, then, "reason 1". Anyway, this redirect is interfering with Symfony, so it is a little bit guilty.

In the past I think I over-solved this. It was 3AM and I wanted this problem fixed so I attacked 1) and 2) in a number of different ways to solve the problem in 30 minutes and go to bed.

Basically I modified the code so

  1. ...the library won't make use of the PHP session directly. Instead, I use the Symfony Session service inside the library.
  2. ...the library always returns a URL instead of making a redirect on its own (so Symfony can do the redirect in the controller, returning a Response object, and persist the session correctly).

I attached three files:

  1. OpenIDConnectService.php wrapper of OpenIDConnectClient. You will see this class a little bit empty but that's because I removed handy Symfony methods that only served me.
  2. OpenIDConnectClient.php The modified OpenIDConnectClient class.
  3. OIDCController.php An example Controller using the OpenIDConnectService

Warning... this is 3AM coding.

from openid-connect-php.
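One way to get the two changes described in the comment above without editing the library, as an added example that is not one of the attached files: a subclass keeps state and nonce in the Symfony session service and hands the authorization URL back to the controller, which returns a non-cacheable 302 so Symfony can persist the session. SymfonyOidcClient, OidcRedirect, setSession() and oidcLogin() are hypothetical names, and the sketch assumes the untyped getSessionKey()/setSessionKey()/unsetSessionKey() signatures shown earlier in the thread and a library version that routes state and nonce through them.

```php
<?php
// Added example; SymfonyOidcClient, OidcRedirect, setSession() and oidcLogin() are hypothetical.
use Jumbojett\OpenIDConnectClient;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\SessionInterface;

// Carries the URL the library wanted to redirect to.
class OidcRedirect extends \RuntimeException {}

class SymfonyOidcClient extends OpenIDConnectClient
{
    private $session;

    public function setSession(SessionInterface $session)
    {
        $this->session = $session;
    }

    // State and nonce go through Symfony's session service, not $_SESSION.
    protected function getSessionKey($key)         { return $this->session->get($key); }
    protected function setSessionKey($key, $value) { $this->session->set($key, $value); }
    protected function unsetSessionKey($key)       { $this->session->remove($key); }

    // Hand the target back to the caller instead of sending a Location header and exiting.
    public function redirect($url)
    {
        throw new OidcRedirect($url);
    }
}

// Body of the controller action that handles both the login start and the callback.
function oidcLogin(SymfonyOidcClient $oidc, SessionInterface $session)
{
    $oidc->setSession($session);
    try {
        $oidc->authenticate(); // first visit: sets state and nonce, then calls redirect()
    } catch (OidcRedirect $e) {
        // Returning a Response lets the action finish, so Symfony saves the session;
        // no-store keeps the browser and any proxy from replaying a cached redirect.
        return new RedirectResponse($e->getMessage(), 302, ['Cache-Control' => 'no-store']);
    }
    return new RedirectResponse('/'); // callback visit: state matched, user is authenticated
}
```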

SpenzeR avatar SpenzeR commented on August 17, 2024

Got this error today:

[2020-01-07 12:27:44] production.ERROR: Undefined index: openid_connect_state {"exception":"[object] (ErrorException(code: 0): Undefined index: openid_connect_state at /home/ubuntu/test/src/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php:1415) [stacktrace] #0 /home/ubuntu/test/src/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(1415): Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(8, 'Undefined index...', '/home/ubuntu/te...', 1415, Array) #1 /home/ubuntu/test/src/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php(284): Jumbojett\\OpenIDConnectClient->getState() #2 /home/ubuntu/test/src/app/Http/Controllers/Auth/OidcController.php(80): Jumbojett\\OpenIDConnectClient->authenticate()

Running php 7.3.11 w/Laravel 6.10 and OpenID-Connect-PHP v0.7

from openid-connect-php.

evifere avatar evifere commented on August 17, 2024

I have the same problem here. Unable to determine state

    private function authenticateByOpenIDConnect($code){
        $oidc = new OpenIDConnectClient(config('oidc.provider_uri'),
            config('oidc.client_id'),
            config('oidc.client_secret'));

        // TLS hostname and peer certificate verification are switched off here
        $oidc->setVerifyHost(false);
        $oidc->setVerifyPeer(false);
        $oidc->setHttpUpgradeInsecureRequests(false);

        $oidc->setRedirectURL(config('oidc.redirect_uri'));

        if($oidc->authenticate()){
            print_r($oidc->requestUserInfo());
        }

    }

The setState call is done after the getState

Should I call another method before calling the authenticate method?

I'm on PHP 8.1.13, Laravel 9

from openid-connect-php.
