Really appreciate this. Both the Shibboleth and OAuth issues are happening for fresh logins, or how you've tested after a Koha logout.

I've reproduced it consistently in an incognito window, which simulates fresh and isolated cookie and session data but clearing once the window is closed, not an anonymous session per se, or is this what an anonymous session actually is? 😅 Most of our users would be logging in afresh without an existing session. This replicates the users' first experience after attempting a login to Koha.

Justin Dowswell (he/him)
Technology Coordinator
Tenants' Union of NSW
02 8117 3721

On Fri, 30 Jun 2023 at 12:09, David Cook <dc...@prosentient.com.au> wrote:

> Hey Justin,
>
> I’ve raised a ticket for this:
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34163
>
> I was only able to reproduce the problem after a Koha logout. When are you
> experiencing this problem with OAuth?
>
> The issue appears to stem from the handling of anonymous user sessions and
> logging out. But curious if you’re experiencing it in other contexts…
>
> David Cook
> Senior Software Engineer
> Prosentient Systems
> Suite 7.03
> 6a Glen St
> Milsons Point NSW 2061
> Australia
>
> Office: 02 9212 0899
> Online: 02 8005 0595
>
> *From:* David Cook <dc...@prosentient.com.au>
> *Sent:* Friday, 30 June 2023 11:22 AM
> *To:* 'Justin Dowswell' <justin.dowsw...@tenantsunion.org.au>
> *Cc:* 'koha@lists.katipo.co.nz' <koha@lists.katipo.co.nz>
> *Subject:* RE: [Koha] SSO Shibboleth & oauth issues
>
> We’re everywhere!
>
> Well, the good news is that I’ve reproduced your error when testing OIDC
> on the master code branch.
>
> But the bad news is that I’ve reproduced your error when testing OIDC on
> the master code branch.
>
> I haven’t tested the Shibboleth integration yet as it’s more work to set
> up, but it could be related.
>
> The OIDC is working fine in 22.11.03, so it looks like it was broken
> between 22.11 and 23.05.
>
> I’ll look at fixing this one.
> (Authentication is a special interest of mine, so I’m usually a good
> person to ask about these things.)
>
> But if you can check the Koha logs for anything obvious for your
> Shibboleth issue in the meantime – that would be helpful.
>
> *From:* Justin Dowswell <justin.dowsw...@tenantsunion.org.au>
> *Sent:* Friday, 30 June 2023 11:02 AM
> *To:* David Cook <dc...@prosentient.com.au>
> *Cc:* koha@lists.katipo.co.nz
> *Subject:* Re: [Koha] SSO Shibboleth & oauth issues
>
> Hey David,
>
> It's good to know there is a Koha community active so close to us!
>
> Great.
>
> So we're running 23.05 on Debian Bullseye installed using apt.
>
> I'll have a look through Koha's logs. We're using OAuth as an alternative,
> using the same IdP.
>
> On Fri, 30 Jun 2023 at 09:46, David Cook <dc...@prosentient.com.au> wrote:
>
> Hey Justin,
>
> Sorry to hear you're having issues, but great to see another organisation
> in NSW using Koha!
>
> Let's see if we can help you sort out this issue. What version of Koha are
> you running, how did you install it, and on which Linux distro?
>
> With the Shibboleth, you'll want to look at your Koha logs. With the other
> auth, are you using OAuth or OIDC?
>
> -----Original Message-----
>
> Date: Wed, 28 Jun 2023 23:49:06 +1000
> From: Justin Dowswell <justin.dowsw...@tenantsunion.org.au>
> To: koha@lists.katipo.co.nz
> Subject: [Koha] SSO Shibboleth & oauth issues
> Message-ID: <cagzh+upebxvz2asoxmyyxhbctmy3mylh3ubpfvyqyzcrcqh...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hey everyone,
>
> I am Justin from the Tenants’ Union of NSW. Lovely to meet you all, albeit
> in an archaic manner.
>
> There is a Koha issue I am having trouble resolving…
>
> It’s a strange issue with Shibboleth and now I think the same issue
> displayed differently with OAuth (that I wanted to implement as an
> alternative), both using the same IdP, and definitely isolated to Koha
> and/or the server running it. I believe it’s a caching issue of some sort…
>
> When I get redirected back to Koha after a successful login with
> Shibboleth, I get an HTTP 500 error, with this console output, unsure if
> actually related or not:
>
>     (index):6577 crbug/1173575, non-JS module files deprecated.
>     (anonymous) @ (index):6577
>
> Refreshing the page redirects once again with a successful login.
>
> OAuth has a similar issue. I am redirected back to Koha after a
> successful login with the identity provider and I am greeted with an error
> message:
>
>     There was an error authenticating to external identity provider:
>     wrong_csrf_token
>
> Refreshing doesn't fix it but clicking the IdP login link again redirects
> back with a successful login and token.
>
> My theory is the redirect is happening too quickly before the token is
> actually retrieved.
>
> I've looked in Shibboleth's logs and have yet to see anything obvious.
>
> Thanks in advance,
> Justin Dowswell
>
> --
> *The Tenants’ Union of NSW recognises that Aboriginal and Torres Strait
> Islander peoples are the First Peoples of Australia. Our office is on the
> lands of the Gadigal of the Eora Nation. We are committed to respecting
> Aboriginal and Torres Strait Islander peoples, cultures, lands, and
> histories as we battle for tenants’ rights in NSW. Read our full
> Acknowledgement of Country
> <https://www.tenants.org.au/tu/acknowledgement-country>.*
>
> tenants.org.au <https://www.tenants.org.au/>
> <https://rentingfair.org.au>
> <https://www.facebook.com/TUNSW/>
> <https://twitter.com/TUNSW>
> <https://www.youtube.com/channel/UCEkW8D86OVVAV0QedKFhl9w>
>
> This email transmission is intended only for the addressee and may contain
> confidential or privileged information. Confidentiality and privilege are
> not waived if you are not the intended recipient of the email, nor may you
> use, review, disclose, disseminate or copy any information contained or
> attached to it. If you received this email in error please delete it and
> any attachments and notify us immediately by return email.
>
> Tenants' Union of NSW can only provide information and advice in the New
> South Wales and Commonwealth jurisdictions. If you are enquiring from
> another state or territory please contact your local community legal centre.

_______________________________________________
Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
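
The symptom reported in this thread (wrong_csrf_token on the first attempt from a fresh browser, success when the IdP link is clicked again) is what an OAuth `state` check produces when the first round trip has no stored session to compare against. The sketch below is an added illustration of that failure mode, not Koha's code and not a confirmed root cause of bug 34163; the `App` class and its `persist_anonymous_session` switch are hypothetical.

```python
import hmac
import secrets


class App:
    """Toy relying party: sessions live server-side, keyed by a cookie value."""

    def __init__(self, persist_anonymous_session):
        # Hypothetical switch: does a first-time (cookie-less) visitor get a
        # stored session before being redirected to the IdP?
        self.persist_anonymous_session = persist_anonymous_session
        self.sessions = {}

    def start_login(self, cookie):
        """User clicks the IdP link. Returns (cookie, state sent to the IdP)."""
        state = secrets.token_urlsafe(16)
        if cookie in self.sessions:
            self.sessions[cookie]["state"] = state
        elif self.persist_anonymous_session:
            cookie = secrets.token_urlsafe(16)
            self.sessions[cookie] = {"state": state}
        # Otherwise the state is generated but never stored for this browser.
        return cookie, state

    def callback(self, cookie, returned_state):
        """IdP redirects back. Returns (cookie, result)."""
        if cookie not in self.sessions:
            # A session is created only now, with no state to compare against.
            cookie = secrets.token_urlsafe(16)
            self.sessions[cookie] = {}
        expected = self.sessions[cookie].pop("state", None)
        if expected is None or not hmac.compare_digest(expected, returned_state):
            return cookie, "wrong_csrf_token"
        return cookie, "authenticated"


def login_attempts(app, attempts=2):
    """Simulate a fresh browser (no cookie) clicking the IdP link repeatedly."""
    cookie, results = None, []
    for _ in range(attempts):
        cookie, state = app.start_login(cookie)
        cookie, result = app.callback(cookie, state)  # IdP echoes state back
        results.append(result)
    return results
```

When comparing against real logs, the useful check is whether the session identifier seen at the callback is the same one that was issued when the login redirect was generated.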