[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token

bugzilla-daemon at bugs.koha-community.org
Mon Jan 15 14:51:39 CET 2024


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755

--- Comment #3 from Lukas Koszyk <lukasz.koszyk at kit.edu> ---
I confirm that we have the same problem (in version 23.05.04).

I also checked the userenv variable when generating and checking the CSRF
token; in the logs I see the userenv of another user (not "anonymous").

The solution could be to destroy the hash for the active user and build a new
hash for environment variables in the initial OIDC request before generating the
CSRF token (or even in the callback by checking the token).

Or it might be necessary to delete the entire session and initiate a new one
when logging in using OIDC.
