From justin.dowswell at tenantsunion.org.au Wed Jun 28 15:40:39 2023
From: justin.dowswell at tenantsunion.org.au (Justin Dowswell)
Date: Wed, 28 Jun 2023 13:40:39 -0000
Subject: [Koha-oz] SSO Shibboleth & oauth issues
Message-ID:

Hey everyone,

I am Justin from the Tenants’ Union of NSW. Lovely to meet you all, albeit in an archaic manner.

There is a Koha issue I am having trouble resolving…

It’s a strange issue with Shibboleth and now I think the same issue displayed differently with oauth (that I wanted to implement as an alternative), both using the same IdP, and definitely isolated to Koha and/or the server running it. I believe it’s a caching issue of some sort…

When I get redirected back to Koha after a successful login with Shibboleth, I get a HTTP 500 error, with this console output, unsure if actually related or not:

(index):6577 crbug/1173575, non-JS module files deprecated.
(anonymous) @ (index):6577

Refreshing the page redirects once again with a successful login.

Oauth has a similar issue. I am redirected back to Koha after a successful login with the identity provider and I am greeted with an error message:

> There was an error authenticating to external identity provider:
> wrong_csrf_token

Refreshing doesn't fix it but clicking the IdP login link again redirects back with a successful login and token.

My theory is the redirect is happening too quickly before the token is actually retrieved.

I've looked in Shibboleth's logs and have yet to see anything obvious.

Thanks in advance,
Justin Dowswell

--
*The Tenants’ Union of NSW recognises that Aboriginal and Torres Strait Islander peoples are the First Peoples of Australia. Our office is on the lands of the Gadigal of the Eora Nation. We are committed to respecting Aboriginal and Torres Strait Islander peoples, cultures, lands, and histories as we battle for tenants’ rights in NSW.
Read our full Acknowledgement of Country.*
tenants.org.au