Comments (15)
ok ive fixed the reauth problem! c67a76b
basically when u first hit the oidc callback from your provider you have session info,
but when u try hitting the page again (by say pressing back history)
the session info had vanished as you are already logged in and verified.
so just need to do a check to carry on if you already authed!
from meshcentral.
Hmm this should already be fixed?
Check the /opt/meshcentral/package.json it should include connect-flash if I remember?
Will check soon when laptop's switched on
Edit. Pr here for the fix? 1dca9e2
from meshcentral.
I can see
"connect-flash": "0.1.1",
in the dependencies. This is /opt/meshcentral/meshcentral/package.json in the docker container. and connect-flash is definitely in the node-modules.
Edit. The changes from the pr are confirmed in the meshcentral.js
from meshcentral.
ok so im confused why you get this error? as normally it just means that package is missing but im guessing its been removed somewhere! will have a look soon
from meshcentral.
We are having the same issue, just haven't had the opportunity to look into it, after the service restarts, and you go back to the login page, it goes straight in, so feels like the return page that the oidc hits, is the one missing the required function
from meshcentral.
erm just re-read ur issue, the error is erroring inside the node_modules of passport.js
so is nothing to do with meshcentral!
which is quite worrying?
from meshcentral.
just out of curiosity, try setting ur config like below (i use authentik for my testing)
```json
"authStrategies": {
  "oidc": {
    "issuer": {
      "issuer": "https://auth.myserver.com/application/o/meshcentral-oidc/",
      "authorization_endpoint": "https://auth.myserver.com/application/o/authorize/",
      "token_endpoint": "https://auth.myserver.com/application/o/token/",
      "endsession_endpoint": "https://auth.myserver.com/application/o/meshcentral-oidc/end-session/",
      "jwks_uri": "https://auth.myserver.com/application/o/meshcentral-oidc/jwks/"
    },
    "client": {
      "client_id": "CLIENTIDHERE",
      "client_secret": "CLIENTSECRETHERE"
    },
    "newAccounts": true
  }
}
```
OR
try the basic config here - https://ylianst.github.io/MeshCentral/meshcentral/openidConnectStrategy/#basic-config-file-example
from meshcentral.
ok i think ive found the issue, but need you to confirm for me
(as i cannot replicate the issue but think i found why its missing)
line 6768 inside /opt/meshcentral/meshcentral/webserver.js
just under parent.authLog('setupHTTPHandlers', `OIDC: Authorization URL: ${authURL}`);
you need to add obj.app.use(require('connect-flash')());
then restart the meshcentral container (dont redeploy, just restart it!) and try again
from meshcentral.
Close.
First, it did allow login. If I click a PC, then click the "My Devices" icon (top on left), works as expected.
If I click on a PC, then click Back in the browser, I get "Internal Server Error" with this logged:
meshcentral | MeshCentral HTTP redirection server running on port 80.
meshcentral | MeshCentral v1.1.24, Hybrid (LAN + WAN) mode, Production mode.
meshcentral | MeshCentral Intel(R) AMT server running on mesh.xcsdm.com:4433.
meshcentral | Loaded web certificate from "https://mesh.xcsdm.com", host: "mesh.xcsdm.com"
meshcentral | SHA384 cert hash: 2a2d2e8b92d3c69e6ea937016c3dd638a3f6fe5c0c86f3a17ec2fe063d6f640a8643d4085c1e264164b5341323cfef19
meshcentral | SHA384 key hash: 4700277a409aa747e0b1ac2922a010da2099c20a269b1c6cd97a4001cc1505709a6470b8ad5526d16fd41d272bf2b256
meshcentral | MeshCentral HTTP server running on port 443.
meshcentral | ERR: Error: did not find expected authorization request details in session, req.session["oidc:auth.xcsdm.com"] is undefined
meshcentral | at /opt/meshcentral/meshcentral/node_modules/openid-client/lib/passport_strategy.js:132:13
meshcentral | at OpenIDConnectStrategy.authenticate (/opt/meshcentral/meshcentral/node_modules/openid-client/lib/passport_strategy.js:191:5)
meshcentral | at attempt (/opt/meshcentral/meshcentral/node_modules/passport/lib/middleware/authenticate.js:378:16)
meshcentral | at authenticate (/opt/meshcentral/meshcentral/node_modules/passport/lib/middleware/authenticate.js:379:7)
meshcentral | at /opt/meshcentral/meshcentral/webserver.js:6787:124
meshcentral | at Layer.handle [as handle_request] (/opt/meshcentral/meshcentral/node_modules/express/lib/router/layer.js:95:5)
meshcentral | at next (/opt/meshcentral/meshcentral/node_modules/express/lib/router/route.js:149:13)
meshcentral | at urlencodedParser (/opt/meshcentral/meshcentral/node_modules/body-parser/lib/types/urlencoded.js:91:7)
meshcentral | at Layer.handle [as handle_request] (/opt/meshcentral/meshcentral/node_modules/express/lib/router/layer.js:95:5)
meshcentral | at next (/opt/meshcentral/meshcentral/node_modules/express/lib/router/route.js:149:13)
from meshcentral.
@xcsdm that will be because when you press the back button its returning you back to the reauth page which will be invalid because you are already logged in/missing authentication.
can you just try changing ur config.json to look like the above for me and restarting? #6132 (comment)
from meshcentral.
@xcsdm ok i can replicate ur "Error: did not find expected authorization request details in session" issue
i get the same thing, not too sure why?
will look into it, but will push the fix for the auth login for you!
from meshcentral.
Sorry I did not mention. I did change the config to match your example. Login works fine. I can remote control PCs, etc.
from meshcentral.
@xcsdm ah right no worries!
will look into the "Error: did not find expected authorization request details in session" as soon as i can again
as you use docker you can use the master image as it includes fixes 👍
(this image is built every time we push something to the master branch for people to test or use the latest features!)
from meshcentral.
commit to fix the redirect if someone tries to return auth but no user/cookie/etc... 62199d8
from meshcentral.
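The check discussed in this thread (carry on if the user is already authenticated, redirect if the callback is hit with no pending authorization request) can be sketched as a guard placed in front of the passport strategy. This is an added example, not MeshCentral's code or the contents of the commits referenced above; `makeCallbackGuard`, `simulate`, the `userid` session field and the redirect paths are assumptions, and the sessions are constructed.

```javascript
'use strict';

// openid-client's passport strategy keeps the pending authorization request
// under "oidc:" + issuer hostname, the key named in the error logged above.
function oidcSessionKey(issuerUrl) {
  return 'oidc:' + new URL(issuerUrl).hostname;
}

// Hypothetical guard, meant to run before passport.authenticate() on the
// callback route. `userid`, `home` and `login` are assumed names.
function makeCallbackGuard(issuerUrl, { home = '/', login = '/login' } = {}) {
  const key = oidcSessionKey(issuerUrl);
  return function callbackGuard(req, res, next) {
    const session = req.session || {};
    const pending = session[key];
    // A request is in flight: let the strategy verify state, nonce and code.
    if (pending && typeof pending === 'object') return next();
    // Callback URL replayed (Back button, bookmark) by a signed-in user.
    if (session.userid) return res.redirect(home);
    // Nothing pending and nobody signed in: restart the flow; the code and
    // state in the query string are never processed.
    return res.redirect(login);
  };
}

// Drive the guard with a constructed session and report what it did.
function simulate(session) {
  const guard = makeCallbackGuard('https://auth.myserver.com/application/o/meshcentral-oidc/');
  let outcome = null;
  const req = { session, query: { code: 'constructed-code', state: 'constructed-state' } };
  const res = { redirect: (path) => { outcome = 'redirect:' + path; } };
  guard(req, res, () => { outcome = 'next'; });
  return outcome;
}

// Constructed sessions: first callback, Back button after login, cold replay.
console.log(simulate({ 'oidc:auth.myserver.com': { state: 'constructed-state', nonce: 'n' } }));
console.log(simulate({ userid: 'user//constructed' }));
console.log(simulate({}));
```

Only the first case reaches the strategy, so a replayed callback URL ends in a redirect instead of the "Internal Server Error" seen in the log.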