Last active
February 6, 2020 16:32
-
-
Save mhf-ir/ef96979f4dbb4138a3c95236f0edcb20 to your computer and use it in GitHub Desktop.
Vouch proxy ADFS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vouch: | |
logLevel: debug | |
testing: true | |
listen: 0.0.0.0 | |
port: 19090 | |
AllowAllUsers: true | |
domains: | |
- example.tld | |
- app.example.tld | |
- vouch.example.tld | |
- adfs.example.tld | |
cookie: | |
name: VouchCookie | |
headers: | |
jwt: X-Vouch-Token | |
querystring: access_token | |
redirect: X-Vouch-Requested-URI | |
idToken: X-Vouch-IdP-IdToken | |
jwt: | |
secret: mahSahthi6tahpa0aev2goo9zeij4jonai0iehei5Chi4eec | |
maxAge: 300 | |
compress: true | |
db: | |
file: /db/vouch_bolt.db | |
oauth: | |
provider: adfs | |
client_id: 9b31f91c-91da-47df-899f-e66c7b9cc2ef | |
client_secret: aivahf7Eeyougitoh2eig7meequohs8feiroh3oshohshoh2 | |
auth_url: https://adfs.example.tld/adfs/oauth2/authorize/ | |
token_url: https://adfs.example.tld/adfs/oauth2/token/ | |
scopes: | |
- profile | |
- openid | |
callback_url: https://vouch.example.tld/auth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{"level":"debug","ts":1581006222.3768554,"msg":"logLevel set to debug"} | |
{"level":"warn","ts":1581006222.3769734,"msg":"generating random session.key"} | |
{"level":"info","ts":1581006222.3770669,"msg":"configuring ADFS OAuth"} | |
{"level":"info","ts":1581006222.3771338,"msg":"configuring adfs OAuth with Endpoint https://adfs.example.tld/adfs/oauth2/authorize/"} | |
{"level":"debug","ts":1581006222.3771772,"msg":"vouch.jwt.secret is 44 characters long"} | |
{"level":"debug","ts":1581006222.377193,"msg":"vouch.session.key is 44 characters long"} | |
{"level":"debug","ts":1581006222.3772035,"msg":"checking availability of tcp port: 0.0.0.0:19090"} | |
{"level":"debug","ts":1581006222.3780773,"msg":"viper settings map[oauth:map[auth_url:https://adfs.example.tld/adfs/oauth2/authorize/ token_url:https://adfs.example.tld/adfs/oauth2/token/ scopes:[email profile openid] callback_url:https://vouch.example.tld/auth client_id:9b31f91c-91da-47df-899f-e66c7b9cc2ef provider:adfs client_secret:HdjzbBRMwTF2c_n-Vx0zScLYImd9hDGH-drfOeP0] vouch:map[jwt:map[compress:false maxage:300 secret:54V2jDpTQs7AfaoNOI/6J7quwyIvGLn48d8YCPWIeLE=] port:19090 headers:map[jwt:X-Vouch-Token redirect:X-Vouch-Requested-URI idtoken:X-Vouch-IdP-IdToken querystring:access_token] cookie:map[domain:.example.tld secure:false name:VouchCookie] listen:0.0.0.0 domains:[example.tld app.example.tld vouch.example.tld adfs.example.tld] allowallusers:true db:map[file:/db/vouch_bolt.db] loglevel:debug]]"} | |
{"level":"debug","ts":1581006222.3781853,"msg":"opening dbfile /db/vouch_bolt.db"} | |
{"level":"info","ts":1581006222.383021,"msg":"starting Vouch","version":"14b5740","buildtime":"2019-12-19T19:29:27Z","buildhost":"453007767e95","branch":"master","semver":"v0.6.17","listen":"0.0.0.0:19090","oauth.provider":"adfs"} | |
{"level":"debug","ts":1581006222.3832712,"msg":"serving static files from /static"} | |
{"level":"debug","ts":1581006230.4061077,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Sec-Fetch-User:[?1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006901] X-Aasaam-Client-New:[1] Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Mode:[navigate] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Request-Id:[b690d68e8aca09f0a5ae818bd663a2e3] X-Forwarded-Port:[443] Upgrade-Insecure-Requests:[1] Sec-Fetch-Site:[none] X-Request-Time:[1581006230.404]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:47938 /validate <nil> <nil> <nil> 0xc4201a6a80}"} | |
{"level":"debug","ts":1581006230.4061875,"msg":"/validate"} | |
{"level":"error","ts":1581006230.4062333,"msg":"no jwt found in request"} | |
{"level":"debug","ts":1581006230.4062662,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006230.4062786,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006230.4065607,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006230.4066162,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006230.4066386,"msg":"|401| 434.956µs /validate","statusCode":401,"request":1,"latency":0.000434956,"avgLatency":0.000434956,"ipPort":"127.0.0.1:47938","method":"GET","host":"app.example.tld","path":"/validate","referer":""} | |
{"level":"debug","ts":1581006230.4445183,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Sec-Fetch-Site:[none] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Version:[79] X-Aasaam-Geo-Country-Flag:[🌐] Connection:[close] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Request-Time:[1581006230.443] X-Forwarded-Port:[443] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Os:[linux] Upgrade-Insecure-Requests:[1] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Client-Id:[9bcecad5] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept-Encoding:[gzip, deflate, br] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-Mode:[navigate] X-Request-Id:[40851b9328e8982825cc22136653d5d9] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Vendor:[google] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:47940 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc4201a6cf0}"} | |
{"level":"debug","ts":1581006230.4446108,"msg":"/login"} | |
{"level":"debug","ts":1581006230.4446263,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006230.4446328,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006230.4447258,"msg":"session state set to yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006230.4447427,"msg":"session requestedURL set to https://app.example.tld/"} | |
{"level":"debug","ts":1581006230.4447494,"msg":"saving session"} | |
{"level":"debug","ts":1581006230.445172,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006230.4452028,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006230.4454443,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006230.4454672,"msg":"|302| 834.853µs /login","statusCode":302,"request":2,"latency":0.000834853,"avgLatency":0.000634904,"ipPort":"127.0.0.1:47940","method":"GET","host":"vouch.example.tld","path":"/login","referer":""} | |
{"level":"debug","ts":1581006243.8035188,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz HTTP/1.0 1 0 map[X-Request-Id:[f612862bf79ba4f86cf9673b8d421144] X-Request-Time:[1581006243.801] X-Aasaam-Client-Id:[9bcecad5] Connection:[close] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Port:[443] X-Aasaam-Client-New:[0] Sec-Fetch-User:[?1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjIzMHxEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnZVhoYWVVbGxZbEV4ZFUxdFNuQnVhbHAwVEZVemFqVlpRalJoV1V0b1ZYb0djM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXye32fNF2MIgnGoh0UKfYbBunhn_12lomtpCc9_D-zq0g==] X-Aasaam-Geo-Country-Flag:[🌐] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Hash:[807ca0a2] Cache-Control:[max-age=0] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Version:[79] X-Aasaam-Agent-Vendor:[google] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Os:[linux] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Site:[same-site]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48614 /auth?code=pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz <nil> <nil> <nil> 0xc42018bd10}"} | |
{"level":"debug","ts":1581006243.8037906,"msg":"/auth"} | |
{"level":"debug","ts":1581006243.8042417,"msg":"code: pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg"} | |
{"level":"error","ts":1581006243.8749158,"msg":"jws: invalid token received"} | |
{"level":"debug","ts":1581006243.8749745,"msg":"/auth Claims from userinfo: {Claims:map[]}"} | |
{"level":"debug","ts":1581006243.8749862,"msg":"/auth CallbackHandler"} | |
{"level":"debug","ts":1581006243.8750114,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"} | |
{"level":"debug","ts":1581006243.8750224,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"} | |
{"level":"debug","ts":1581006243.875279,"msg":"new user.. setting created on to 1581006243"} | |
{"level":"error","ts":1581006243.8753667,"msg":"key required"} | |
{"level":"error","ts":1581006243.8753965,"msg":"key required"} | |
{"level":"debug","ts":1581006243.8754392,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024243 0 Vouch 0 }} false}"} | |
{"level":"debug","ts":1581006243.8754485,"msg":"token expires: 1581024243"} | |
{"level":"debug","ts":1581006243.8754528,"msg":"diff from now: 18000"} | |
{"level":"debug","ts":1581006243.875562,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006243.8758647,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006243.8759408,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006243.875965,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006243.8759823,"msg":"|302| 72.191129ms /auth","statusCode":302,"request":3,"latency":0.072191129,"avgLatency":0.024486979,"ipPort":"127.0.0.1:48614","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006243.9168053,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Aasaam-Client-New:[1] Upgrade-Insecure-Requests:[1] Sec-Fetch-Site:[same-site] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Request-Time:[1581006243.915] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Request-Id:[2b4510216b71bcc4ff57e87f7ec210e2] X-Real-Ip:[XXX.XXX.64.31] Sec-Fetch-User:[?1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c] Connection:[close] Cache-Control:[max-age=0]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48620 /validate <nil> <nil> <nil> 0xc420370900}"} | |
{"level":"debug","ts":1581006243.9168768,"msg":"/validate"} | |
{"level":"debug","ts":1581006243.916936,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c"} | |
{"level":"debug","ts":1581006243.9169517,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c"} | |
{"level":"debug","ts":1581006243.9172158,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024243 0 Vouch 0 }}"} | |
{"level":"debug","ts":1581006243.917252,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024243 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"} | |
{"level":"error","ts":1581006243.917274,"msg":"no Username found in jwt"} | |
{"level":"debug","ts":1581006243.9172904,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006243.9173,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006243.9173071,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006243.9173222,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006243.9173357,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006243.917348,"msg":"|401| 472.132µs /validate","statusCode":401,"request":4,"latency":0.000472132,"avgLatency":0.018483268,"ipPort":"127.0.0.1:48620","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006243.9565418,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Forwarded-Port:[443] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Real-Ip:[XXX.XXX.64.31] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c; VouchSession=MTU4MTAwNjI0M3xEdi1CQkFFQ180SUFBUkFCRUFBQV80N19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnZVhoYWVVbGxZbEV4ZFUxdFNuQnVhbHAwVEZVemFqVlpRalJoV1V0b1ZYb0djM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNQWdBQUJuTjBjbWx1Wnd3Y0FCcG9kSFJ3Y3pvdkwybG1ZWFYwYUM1cGRXMXpMbUZqTG1seUx3TnBiblFFQWdBQXxRQh3TEXSUqcrOI-pR8E-vLHS-ZztEMCGuMSTc6Ys3jg==] X-Request-Id:[e9a9598f52344f6e386e45d4468dc947] X-Forwarded-Host:[vouch.example.tld] X-Forwarded-Proto:[https] Sec-Fetch-User:[?1] Accept-Encoding:[gzip, deflate, br] Cache-Control:[max-age=0] Sec-Fetch-Site:[same-site] Sec-Fetch-Mode:[navigate] X-Request-Time:[1581006243.955] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Name:[chrome] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Version:[79] X-Aasaam-Geo-Country-Flag:[🌐] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Agent-Os:[linux] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google] Upgrade-Insecure-Requests:[1]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48622 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc42001e450}"} | |
{"level":"debug","ts":1581006243.9566412,"msg":"/login"} | |
{"level":"debug","ts":1581006243.956664,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006243.956679,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006243.9566877,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006243.9574695,"msg":"session state set to cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt"} | |
{"level":"debug","ts":1581006243.9575016,"msg":"session requestedURL set to https://app.example.tld/"} | |
{"level":"debug","ts":1581006243.957515,"msg":"failcount for https://app.example.tld/ is 0"} | |
{"level":"debug","ts":1581006243.9575226,"msg":"saving session"} | |
{"level":"debug","ts":1581006243.9576814,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt"} | |
{"level":"debug","ts":1581006243.9577262,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006243.9577606,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006243.9577963,"msg":"|302| 1.121313ms /login","statusCode":302,"request":5,"latency":0.001121313,"avgLatency":0.015010877,"ipPort":"127.0.0.1:48622","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.110164,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt HTTP/1.0 1 0 map[Connection:[close] Cache-Control:[max-age=0] X-Request-Id:[7823940bd53bfd203c4d5cc2ccb837af] X-Aasaam-Agent-Version:[79] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Os:[linux] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Forwarded-Port:[443] X-Request-Time:[1581006244.109] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Agent-Vendor:[google] X-Aasaam-Agent-Hash:[807ca0a2] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0M3xEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnWTNsWFdsaDNjbFpQVjNaV1UwaHVSRlJHV2xWUVkwbDNiR1pOYldsU1ZIUUdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXyqse6O2nikzolX6oqqVESivEdQgyVf44zsJ6jPsAbOOA==] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Client-New:[0] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Geo-Country-Flag:[🌐] X-Forwarded-Proto:[https] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Host:[vouch.example.tld] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48628 /auth?code=pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt <nil> <nil> <nil> 0xc42001eb70}"} | |
{"level":"debug","ts":1581006244.1102476,"msg":"/auth"} | |
{"level":"debug","ts":1581006244.110698,"msg":"code: pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg"} | |
{"level":"error","ts":1581006244.1256704,"msg":"jws: invalid token received"} | |
{"level":"debug","ts":1581006244.1257057,"msg":"/auth Claims from userinfo: {Claims:map[]}"} | |
{"level":"debug","ts":1581006244.1257155,"msg":"/auth CallbackHandler"} | |
{"level":"debug","ts":1581006244.1258433,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"} | |
{"level":"debug","ts":1581006244.1258583,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"} | |
{"level":"debug","ts":1581006244.125886,"msg":"new user.. setting created on to 1581006244"} | |
{"level":"error","ts":1581006244.1259239,"msg":"key required"} | |
{"level":"error","ts":1581006244.1259441,"msg":"key required"} | |
{"level":"debug","ts":1581006244.1259894,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"} | |
{"level":"debug","ts":1581006244.126016,"msg":"token expires: 1581024244"} | |
{"level":"debug","ts":1581006244.12603,"msg":"diff from now: 18000"} | |
{"level":"debug","ts":1581006244.1260805,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.126093,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.1263266,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.1263707,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.1263921,"msg":"|302| 16.124517ms /auth","statusCode":302,"request":6,"latency":0.016124517,"avgLatency":0.015196483,"ipPort":"127.0.0.1:48628","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.1608589,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Request-Id:[cbec6a7a5bedb1a0ef270b30e3443ec2] X-Forwarded-Host:[app.example.tld] X-Aasaam-Client-New:[1] Connection:[close] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Upgrade-Insecure-Requests:[1] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Port:[443] X-Request-Time:[1581006244.160] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Site:[same-site] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cache-Control:[max-age=0] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-User:[?1] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48632 /validate <nil> <nil> <nil> 0xc420174990}"} | |
{"level":"debug","ts":1581006244.1609976,"msg":"/validate"} | |
{"level":"debug","ts":1581006244.1610239,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.161038,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.161253,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"} | |
{"level":"debug","ts":1581006244.1613004,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"} | |
{"level":"error","ts":1581006244.1613166,"msg":"no Username found in jwt"} | |
{"level":"debug","ts":1581006244.1613328,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006244.1613424,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.1615033,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.1615267,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006244.1615593,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006244.1615818,"msg":"|401| 562.857µs /validate","statusCode":401,"request":7,"latency":0.000562857,"avgLatency":0.013105965,"ipPort":"127.0.0.1:48632","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.1941767,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[X-Request-Id:[d36555070e9ed26a1949be4ac3e3dca4] X-Request-Time:[1581006244.193] X-Aasaam-Geo-Country-Flag:[🌐] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Proto:[https] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Forwarded-Host:[vouch.example.tld] Connection:[close] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Aasaam-Agent-Version:[79] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80N19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnWTNsWFdsaDNjbFpQVjNaV1UwaHVSRlJHV2xWUVkwbDNiR1pOYldsU1ZIUUdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNQWdBQUJuTjBjbWx1Wnd3Y0FCcG9kSFJ3Y3pvdkwybG1ZWFYwYUM1cGRXMXpMbUZqTG1seUx3TnBiblFFQWdBQXyTjn_xk8eqWtUpCincA9JH4mphwk0YjBA8NCZ50buZ9Q==] X-Aasaam-Client-New:[0] Cache-Control:[max-age=0] X-Aasaam-Agent-Hash:[807ca0a2] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Port:[443] X-Aasaam-Agent-Os:[linux] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48636 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420174c90}"} | |
{"level":"debug","ts":1581006244.194244,"msg":"/login"} | |
{"level":"debug","ts":1581006244.1942606,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.194268,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.1942737,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.1944377,"msg":"session state set to rfuxAKQywmyHhSzUBh5UwowluJEZHmC"} | |
{"level":"debug","ts":1581006244.1944635,"msg":"session requestedURL set to https://app.example.tld/"} | |
{"level":"debug","ts":1581006244.194473,"msg":"failcount for https://app.example.tld/ is 0"} | |
{"level":"debug","ts":1581006244.194479,"msg":"saving session"} | |
{"level":"debug","ts":1581006244.1945596,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC"} | |
{"level":"debug","ts":1581006244.194581,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.1945963,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.194607,"msg":"|302| 355.124µs /login","statusCode":302,"request":8,"latency":0.000355124,"avgLatency":0.01151211,"ipPort":"127.0.0.1:48636","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.345903,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC HTTP/1.0 1 0 map[Connection:[close] X-Request-Time:[1581006244.344] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Request-Id:[b3a9f770f76ca3b89a1d27697bd8f800] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Country-Flag:[🌐] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82Zl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmY21aMWVFRkxVWGwzYlhsSWFGTjZWVUpvTlZWM2IzZHNkVXBGV2todFF3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3djQUJwb2RIUndjem92TDJsbVlYVjBhQzVwZFcxekxtRmpMbWx5THdaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4RGFXNTBCQUlBQWc9PXzGdrgFNy_M2heFpPJRwstQ0x6Z6IwFY2t9SNOHj-_a7A==] Sec-Fetch-User:[?1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Client-New:[0] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Name:[chrome] X-Forwarded-Host:[vouch.example.tld] X-Forwarded-Proto:[https] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] X-Aasaam-Agent-Os:[linux] Accept-Encoding:[gzip, deflate, br] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Hash:[807ca0a2] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] X-Aasaam-Agent-Vendor:[google] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Port:[443] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Version:[79]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48640 /auth?code=pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC <nil> <nil> <nil> 0xc420175380}"} | |
{"level":"debug","ts":1581006244.3460069,"msg":"/auth"} | |
{"level":"debug","ts":1581006244.3462687,"msg":"code: pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA"} | |
{"level":"error","ts":1581006244.360189,"msg":"jws: invalid token received"} | |
{"level":"debug","ts":1581006244.360238,"msg":"/auth Claims from userinfo: {Claims:map[]}"} | |
{"level":"debug","ts":1581006244.3602488,"msg":"/auth CallbackHandler"} | |
{"level":"debug","ts":1581006244.3602626,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"} | |
{"level":"debug","ts":1581006244.3602715,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"} | |
{"level":"debug","ts":1581006244.360301,"msg":"new user.. setting created on to 1581006244"} | |
{"level":"error","ts":1581006244.3603463,"msg":"key required"} | |
{"level":"error","ts":1581006244.3603702,"msg":"key required"} | |
{"level":"debug","ts":1581006244.360407,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"} | |
{"level":"debug","ts":1581006244.3604193,"msg":"token expires: 1581024244"} | |
{"level":"debug","ts":1581006244.3604264,"msg":"diff from now: 18000"} | |
{"level":"debug","ts":1581006244.3604767,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.360497,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.361223,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.3612626,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.3612823,"msg":"|302| 15.267602ms /auth","statusCode":302,"request":9,"latency":0.015267602,"avgLatency":0.011929386,"ipPort":"127.0.0.1:48640","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.403157,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Forwarded-Port:[443] X-Request-Time:[1581006244.396] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Connection:[close] Upgrade-Insecure-Requests:[1] X-Request-Id:[af1b795a75c97355a84c88fe1e062f03] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Forwarded-Proto:[https] Cache-Control:[max-age=0] Sec-Fetch-Site:[same-site] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Client-New:[1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Sec-Fetch-User:[?1] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48646 /validate <nil> <nil> <nil> 0xc420175aa0}"} | |
{"level":"debug","ts":1581006244.4032261,"msg":"/validate"} | |
{"level":"debug","ts":1581006244.4032438,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.4032547,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.4034152,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"} | |
{"level":"debug","ts":1581006244.403444,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"} | |
{"level":"error","ts":1581006244.4034548,"msg":"no Username found in jwt"} | |
{"level":"debug","ts":1581006244.403467,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006244.4035008,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.4035072,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.4038103,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006244.403841,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006244.4041936,"msg":"|401| 637.414µs /validate","statusCode":401,"request":10,"latency":0.000637414,"avgLatency":0.010800189,"ipPort":"127.0.0.1:48646","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.4385726,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] Accept-Encoding:[gzip, deflate, br] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80M19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmY21aMWVFRkxVWGwzYlhsSWFGTjZWVUpvTlZWM2IzZHNkVXBGV2todFF3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3dDQUFBR2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFBPXyggla26kM32Zyg_a4iQJxMvznvAoLfg9FThy3Kp3hScg==] X-Request-Id:[bf1fd001b544ff9003803911efadaf7c] X-Aasaam-Geo-Country-Flag:[🌐] X-Aasaam-Agent-Category:[pc] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Client-New:[0] X-Request-Time:[1581006244.437] X-Aasaam-Agent-Version:[79] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Vendor:[google] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Port:[443] Cache-Control:[max-age=0] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Hash:[807ca0a2] Connection:[close] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Site:[same-site] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Os:[linux] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] X-Forwarded-Proto:[https] X-Aasaam-Geo-Default-Lang-Direction:[ltr]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48652 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420175e00}"} | |
{"level":"debug","ts":1581006244.4386234,"msg":"/login"} | |
{"level":"debug","ts":1581006244.438637,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.4386437,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.438649,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.4388137,"msg":"session state set to bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC"} | |
{"level":"debug","ts":1581006244.4388354,"msg":"session requestedURL set to https://app.example.tld/"} | |
{"level":"debug","ts":1581006244.4388437,"msg":"failcount for https://app.example.tld/ is 0"} | |
{"level":"debug","ts":1581006244.4388494,"msg":"saving session"} | |
{"level":"debug","ts":1581006244.4389324,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC"} | |
{"level":"debug","ts":1581006244.4389575,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.4389803,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.4390056,"msg":"|302| 357.679µs /login","statusCode":302,"request":11,"latency":0.000357679,"avgLatency":0.00985087,"ipPort":"127.0.0.1:48652","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.5836582,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC HTTP/1.0 1 0 map[X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Client-New:[0] X-Forwarded-Port:[443] X-Aasaam-Agent-Name:[chrome] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-For:[XXX.XXX.64.31] Cache-Control:[max-age=0] Sec-Fetch-User:[?1] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82Zl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmWW5CQ00xQnVhVmhUYlRSc2FFZDVNR3hHY1ZCTGVITjFkekZ0YW5SR1F3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3djQUJwb2RIUndjem92TDJsbVlYVjBhQzVwZFcxekxtRmpMbWx5THdaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4RGFXNTBCQUlBQWc9PXzpCEXKP1kECEEymXc0IbE8CCYcl-h3Z4CiN2k5A3v2OQ==] X-Aasaam-Agent-Hash:[807ca0a2] X-Forwarded-Proto:[https] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Os:[linux] X-Request-Id:[f23fdea5a4f87aaa8dd37564e8861bc1] X-Aasaam-Geo-Country-Flag:[🌐] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google] Sec-Fetch-Site:[same-site] X-Request-Time:[1581006244.582] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Version:[79] Connection:[close] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48658 /auth?code=pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC <nil> <nil> <nil> 0xc42018a630}"} | |
{"level":"debug","ts":1581006244.5837288,"msg":"/auth"} | |
{"level":"debug","ts":1581006244.5843143,"msg":"code: pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ"} | |
{"level":"error","ts":1581006244.606126,"msg":"jws: invalid token received"} | |
{"level":"debug","ts":1581006244.6061752,"msg":"/auth Claims from userinfo: {Claims:map[]}"} | |
{"level":"debug","ts":1581006244.6061883,"msg":"/auth CallbackHandler"} | |
{"level":"debug","ts":1581006244.606203,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"} | |
{"level":"debug","ts":1581006244.6062121,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"} | |
{"level":"debug","ts":1581006244.6062431,"msg":"new user.. setting created on to 1581006244"} | |
{"level":"error","ts":1581006244.6062896,"msg":"key required"} | |
{"level":"error","ts":1581006244.6063066,"msg":"key required"} | |
{"level":"debug","ts":1581006244.6063468,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"} | |
{"level":"debug","ts":1581006244.6063683,"msg":"token expires: 1581024244"} | |
{"level":"debug","ts":1581006244.606376,"msg":"diff from now: 18000"} | |
{"level":"debug","ts":1581006244.6064706,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.6065056,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.606742,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.606781,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.6067944,"msg":"|302| 23.054442ms /auth","statusCode":302,"request":12,"latency":0.023054442,"avgLatency":0.010951167,"ipPort":"127.0.0.1:48658","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.6405988,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[Connection:[close] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Request-Id:[ee5029e9f876eacb2a08962d8f3e1f18] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Site:[same-site] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Forwarded-Host:[app.example.tld] X-Forwarded-Port:[443] X-Request-Time:[1581006244.639] X-Aasaam-Client-New:[1] Cache-Control:[max-age=0] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Sec-Fetch-Mode:[navigate] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-User:[?1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48666 /validate <nil> <nil> <nil> 0xc420272930}"} | |
{"level":"debug","ts":1581006244.6406765,"msg":"/validate"} | |
{"level":"debug","ts":1581006244.6407025,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.6407208,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.6414466,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"} | |
{"level":"debug","ts":1581006244.641477,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"} | |
{"level":"error","ts":1581006244.6414902,"msg":"no Username found in jwt"} | |
{"level":"debug","ts":1581006244.6415055,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006244.641515,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.641523,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.6415398,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006244.6415555,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006244.641583,"msg":"|401| 881.031µs /validate","statusCode":401,"request":13,"latency":0.000881031,"avgLatency":0.010176542,"ipPort":"127.0.0.1:48666","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.675224,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[X-Aasaam-Agent-Vendor:[google] Upgrade-Insecure-Requests:[1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Os:[linux] Cache-Control:[max-age=0] Sec-Fetch-User:[?1] X-Forwarded-Host:[vouch.example.tld] Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] X-Request-Time:[1581006244.674] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80M19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmWW5CQ00xQnVhVmhUYlRSc2FFZDVNR3hHY1ZCTGVITjFkekZ0YW5SR1F3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3dDQUFBR2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFBPXxaU0v8mdyUeUeZh519OrLxHnGjoP7u8XW9QdWUoKexQQ==] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Country-Flag:[🌐] Sec-Fetch-Mode:[navigate] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Version:[79] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Request-Id:[d42bd02a40b94bc396409f485e734775] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48668 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420272c60}"} | |
{"level":"debug","ts":1581006244.6753058,"msg":"/login"} | |
{"level":"debug","ts":1581006244.6753256,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.6753352,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.6753428,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.6755395,"msg":"session state set to PfUfzccPQckXYBScXIZuBKu1eBhsuO8N"} | |
{"level":"debug","ts":1581006244.675571,"msg":"session requestedURL set to https://app.example.tld/"} | |
{"level":"debug","ts":1581006244.675582,"msg":"failcount for https://app.example.tld/ is 0"} | |
{"level":"debug","ts":1581006244.67559,"msg":"saving session"} | |
{"level":"debug","ts":1581006244.675906,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N"} | |
{"level":"debug","ts":1581006244.6759365,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.6759555,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.6759684,"msg":"|302| 652.303µs /login","statusCode":302,"request":14,"latency":0.000652303,"avgLatency":0.00949624,"ipPort":"127.0.0.1:48668","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.822487,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N HTTP/1.0 1 0 map[X-Aasaam-Geo-Default-Lang-Direction:[ltr] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Host:[vouch.example.tld] X-Request-Time:[1581006244.821] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Hash:[807ca0a2] X-Real-Ip:[XXX.XXX.64.31] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Forwarded-Port:[443] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnVUdaVlpucGpZMUJSWTJ0WVdVSlRZMWhKV25WQ1MzVXhaVUpvYzNWUE9FNEdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXyDQdejcgcaydb2lWsL_LhmgGq25Pz1by7b8-0wipugNw==] X-Aasaam-Client-New:[0] X-Aasaam-Geo-Country-Flag:[🌐] Connection:[close] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Category:[pc] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Os:[linux] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Request-Id:[c7933cc1af8d53b3b261951d93a9a86f] X-Aasaam-Agent-Version:[79] X-Aasaam-Agent-Vendor:[google] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48674 /auth?code=pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N <nil> <nil> <nil> 0xc4202733e0}"} | |
{"level":"debug","ts":1581006244.822544,"msg":"/auth"} | |
{"level":"debug","ts":1581006244.8227215,"msg":"code: pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q"} | |
{"level":"error","ts":1581006244.8438056,"msg":"jws: invalid token received"} | |
{"level":"debug","ts":1581006244.8438454,"msg":"/auth Claims from userinfo: {Claims:map[]}"} | |
{"level":"debug","ts":1581006244.8438563,"msg":"/auth CallbackHandler"} | |
{"level":"debug","ts":1581006244.843871,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"} | |
{"level":"debug","ts":1581006244.8438802,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"} | |
{"level":"debug","ts":1581006244.8439097,"msg":"new user.. setting created on to 1581006244"} | |
{"level":"error","ts":1581006244.8442779,"msg":"key required"} | |
{"level":"error","ts":1581006244.8443105,"msg":"key required"} | |
{"level":"debug","ts":1581006244.8443413,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"} | |
{"level":"debug","ts":1581006244.84435,"msg":"token expires: 1581024244"} | |
{"level":"debug","ts":1581006244.8443553,"msg":"diff from now: 18000"} | |
{"level":"debug","ts":1581006244.8444068,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"} | |
{"level":"debug","ts":1581006244.844423,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.8445735,"msg":"CaptureWriter.Write set w.StatusCode 302"} | |
{"level":"debug","ts":1581006244.8446095,"msg":"Request handled successfully: 302"} | |
{"level":"info","ts":1581006244.8446236,"msg":"|302| 22.066775ms /auth","statusCode":302,"request":15,"latency":0.022066775,"avgLatency":0.010334275,"ipPort":"127.0.0.1:48674","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006244.8778102,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Request-Id:[691fd820b8d4df2ae9cd08635e5b751a] X-Forwarded-Host:[app.example.tld] X-Request-Time:[1581006244.877] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-Proto:[https] X-Aasaam-Client-New:[1] Connection:[close] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Port:[443] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Mode:[navigate]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48678 /validate <nil> <nil> <nil> 0xc4201a7290}"} | |
{"level":"debug","ts":1581006244.8778653,"msg":"/validate"} | |
{"level":"debug","ts":1581006244.8778825,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.877895,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"} | |
{"level":"debug","ts":1581006244.878019,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"} | |
{"level":"debug","ts":1581006244.8780437,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"} | |
{"level":"error","ts":1581006244.878055,"msg":"no Username found in jwt"} | |
{"level":"debug","ts":1581006244.8780684,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"} | |
{"level":"debug","ts":1581006244.8780918,"msg":"setting the cookie domain to .example.tld"} | |
{"level":"debug","ts":1581006244.8780994,"msg":"deleting cookie: VouchCookie"} | |
{"level":"debug","ts":1581006244.8781135,"msg":"CaptureWriter.Write set w.StatusCode 401"} | |
{"level":"debug","ts":1581006244.8781269,"msg":"Request handled successfully: 401"} | |
{"level":"info","ts":1581006244.8781383,"msg":"|401| 262.178µs /validate","statusCode":401,"request":16,"latency":0.000262178,"avgLatency":0.009704769,"ipPort":"127.0.0.1:48678","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"} | |
{"level":"debug","ts":1581006282.643884,"msg":"Request received : &{GET /healthcheck HTTP/1.1 1 1 map[User-Agent:[Go-http-client/1.1] Accept-Encoding:[gzip]] {} <nil> 0 [] false 0.0.0.0:19090 map[] map[] <nil> map[] 127.0.0.1:53686 /healthcheck <nil> <nil> <nil> 0xc4201a75c0}"} | |
{"level":"debug","ts":1581006282.6439147,"msg":"CaptureWriter.Write set w.StatusCode 200"} | |
{"level":"debug","ts":1581006282.6439242,"msg":"Request handled successfully: 200"} | |
{"level":"info","ts":1581006282.64396,"msg":"|200| 13.287µs /healthcheck","statusCode":200,"request":17,"latency":0.000013287,"avgLatency":0.009134682,"ipPort":"127.0.0.1:53686","method":"GET","host":"0.0.0.0:19090","path":"/healthcheck","referer":""} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl http2; | |
server_name vouch.example.tld; | |
ssl_certificate /cert/fullchain.pem; | |
ssl_certificate_key /cert/privkey.pem; | |
ssl_trusted_certificate /cert/chain.pem; | |
location / { | |
proxy_set_header Host $http_host; | |
proxy_pass http://127.0.0.1:19090; | |
} | |
} | |
server { | |
listen 443 ssl http2; | |
server_name app.example.tld; | |
ssl_certificate /cert/fullchain.pem; | |
ssl_certificate_key /cert/privkey.pem; | |
ssl_trusted_certificate /cert/chain.pem; | |
auth_request /validate; | |
location /validate { | |
proxy_pass http://127.0.0.1:19090/validate; | |
proxy_set_header Host $http_host; | |
proxy_pass_request_body off; | |
proxy_set_header Content-Length ""; | |
# pass Vouch headers along with the request | |
#auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user; | |
auth_request_set $auth_resp_x_vouch_idp_idtoken $upstream_http_x_vouch_idp_idtoken; | |
# these return values are used by the @error401 call | |
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt; | |
auth_request_set $auth_resp_err $upstream_http_x_vouch_err; | |
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount; | |
} | |
error_page 401 = @error401; | |
location @error401 { | |
return 302 https://vouch.example.tld/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err; | |
} | |
location / { | |
add_header 'Content-Type' 'text/plain'; | |
echo 'ok'; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment