oidc_restore_proto_state: no "mod_auth_openidc_state_YYYYY" state cookie found, referer:

[pscpsc29]

Hi,
My problem is :

oidc_restore_proto_state: no "mod_auth_openidc_state_mrYYYYY" state cookie found, referer:
oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose/apr_jwt.c:177: apr_jwt_base64url_decode_object]: JSON parsing (json_loads) failed: unable to decode byte 0x9a (\x9a\xb2V&\x86\x06|)\n, referer:
oidc_authorization_response_match_state: unable to restore state, referer:
oidc_handle_authorization_response: invalid authorization response state and no default SSO URL is set, sending an error..., referer:

Configuration :
OIDCProviderMetadataURL https://URL
OIDCClientID clientidvalue
OIDCClientSecret cliensecretvalue
OIDCRedirectURI https://example.com/openid
OIDCCryptoPassphrase passphrasevalue
OIDCCookiePath /
<Location /openid>
AuthType openid-connect
Require valid-user
</ Location>

What can I do ?

[pscpsc29]

I tried to fix :
OIDCCookieSameSite On

But now, I have this error :
httpd[80853]: Invalid command 'OIDCCookieSameSite', perhaps misspelled or defined by a module not included in the server configuration

OpenID version is : 1.8.8, I can't install most recent version because my apache server is old.

Do you know any issue ?

[zandbelt]

older version of Apache are supported - with recent version of mod_auth_openidc - under a commercial agreement via sales@zmartzone.eu

[pscpsc29]

Thank you for your reply.
Is there another solution without using the recent version ?

[pscpsc29]

Hi,

I now install mod_auth_openidc 2.4.11

OIDCProviderMetadataURL https://myprovider.com
OIDCClientID clientidvalue
OIDCClientSecret cliensecretvalue
OIDCRedirectURI https://mydomain.com/openid
OIDCCryptoPassphrase passphrasevalue
OIDCCookiePath /
OIDCCookieSameSite On
OIDCCookieDomain mydomain.com

<Location /openid>
AuthType openid-connect
Require valid-user
</ Location>

But I always get the same problem with cookie state :

[Tue Jul 12 10:01:06.162593 2022] [auth_openidc:error] [pid ] [client ] oidc_restore_proto_state: no "mod_auth_openidc_state_Glp9pj0Fiv" state cookie found: check domain and samesite cookie settings, referer: https://myprovider.com/
[Tue Jul 12 10:01:06.162689 2022] [auth_openidc:error] [pid ] [client ] oidc_authorization_response_match_state: unable to restore state, referer: https://myprovider.com/
[Tue Jul 12 10:01:06.162705 2022] [auth_openidc:error] [pid ] [client ] oidc_handle_authorization_response: invalid authorization response state and no default SSO URL is set, sending an error..., referer: https://myprovider.com/

What can I do please ?
Thank you

[pscpsc29]

@zandbelt can you kindly help us on this ?

[zandbelt]

which browser are you using?

[pscpsc29]

Microsoft Edge
Version 103.0.1264.62

[zandbelt]

it seems that the state cookie is not delivered by the browser so I guess you just need to make sure that you're using the same hostname across browser bar, redirect URI etc.

[pscpsc29]

Yes, I'm using the same hostname
I really don't understand