Skip to content

Instantly share code, notes, and snippets.

@mhf-ir
Last active February 6, 2020 16:32
Show Gist options
  • Save mhf-ir/ef96979f4dbb4138a3c95236f0edcb20 to your computer and use it in GitHub Desktop.
Save mhf-ir/ef96979f4dbb4138a3c95236f0edcb20 to your computer and use it in GitHub Desktop.
Vouch proxy ADFS
vouch:
logLevel: debug
testing: true
listen: 0.0.0.0
port: 19090
AllowAllUsers: true
domains:
- example.tld
- app.example.tld
- vouch.example.tld
- adfs.example.tld
cookie:
name: VouchCookie
headers:
jwt: X-Vouch-Token
querystring: access_token
redirect: X-Vouch-Requested-URI
idToken: X-Vouch-IdP-IdToken
jwt:
secret: mahSahthi6tahpa0aev2goo9zeij4jonai0iehei5Chi4eec
maxAge: 300
compress: true
db:
file: /db/vouch_bolt.db
oauth:
provider: adfs
client_id: 9b31f91c-91da-47df-899f-e66c7b9cc2ef
client_secret: aivahf7Eeyougitoh2eig7meequohs8feiroh3oshohshoh2
auth_url: https://adfs.example.tld/adfs/oauth2/authorize/
token_url: https://adfs.example.tld/adfs/oauth2/token/
scopes:
- email
- profile
- openid
callback_url: https://vouch.example.tld/auth
{"level":"debug","ts":1581006222.3768554,"msg":"logLevel set to debug"}
{"level":"warn","ts":1581006222.3769734,"msg":"generating random session.key"}
{"level":"info","ts":1581006222.3770669,"msg":"configuring ADFS OAuth"}
{"level":"info","ts":1581006222.3771338,"msg":"configuring adfs OAuth with Endpoint https://adfs.example.tld/adfs/oauth2/authorize/"}
{"level":"debug","ts":1581006222.3771772,"msg":"vouch.jwt.secret is 44 characters long"}
{"level":"debug","ts":1581006222.377193,"msg":"vouch.session.key is 44 characters long"}
{"level":"debug","ts":1581006222.3772035,"msg":"checking availability of tcp port: 0.0.0.0:19090"}
{"level":"debug","ts":1581006222.3780773,"msg":"viper settings map[oauth:map[auth_url:https://adfs.example.tld/adfs/oauth2/authorize/ token_url:https://adfs.example.tld/adfs/oauth2/token/ scopes:[email profile openid] callback_url:https://vouch.example.tld/auth client_id:9b31f91c-91da-47df-899f-e66c7b9cc2ef provider:adfs client_secret:HdjzbBRMwTF2c_n-Vx0zScLYImd9hDGH-drfOeP0] vouch:map[jwt:map[compress:false maxage:300 secret:54V2jDpTQs7AfaoNOI/6J7quwyIvGLn48d8YCPWIeLE=] port:19090 headers:map[jwt:X-Vouch-Token redirect:X-Vouch-Requested-URI idtoken:X-Vouch-IdP-IdToken querystring:access_token] cookie:map[domain:.example.tld secure:false name:VouchCookie] listen:0.0.0.0 domains:[example.tld app.example.tld vouch.example.tld adfs.example.tld] allowallusers:true db:map[file:/db/vouch_bolt.db] loglevel:debug]]"}
{"level":"debug","ts":1581006222.3781853,"msg":"opening dbfile /db/vouch_bolt.db"}
{"level":"info","ts":1581006222.383021,"msg":"starting Vouch","version":"14b5740","buildtime":"2019-12-19T19:29:27Z","buildhost":"453007767e95","branch":"master","semver":"v0.6.17","listen":"0.0.0.0:19090","oauth.provider":"adfs"}
{"level":"debug","ts":1581006222.3832712,"msg":"serving static files from /static"}
{"level":"debug","ts":1581006230.4061077,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Sec-Fetch-User:[?1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006901] X-Aasaam-Client-New:[1] Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Mode:[navigate] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Request-Id:[b690d68e8aca09f0a5ae818bd663a2e3] X-Forwarded-Port:[443] Upgrade-Insecure-Requests:[1] Sec-Fetch-Site:[none] X-Request-Time:[1581006230.404]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:47938 /validate <nil> <nil> <nil> 0xc4201a6a80}"}
{"level":"debug","ts":1581006230.4061875,"msg":"/validate"}
{"level":"error","ts":1581006230.4062333,"msg":"no jwt found in request"}
{"level":"debug","ts":1581006230.4062662,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006230.4062786,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006230.4065607,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006230.4066162,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006230.4066386,"msg":"|401| 434.956µs /validate","statusCode":401,"request":1,"latency":0.000434956,"avgLatency":0.000434956,"ipPort":"127.0.0.1:47938","method":"GET","host":"app.example.tld","path":"/validate","referer":""}
{"level":"debug","ts":1581006230.4445183,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Sec-Fetch-Site:[none] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Version:[79] X-Aasaam-Geo-Country-Flag:[🌐] Connection:[close] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Request-Time:[1581006230.443] X-Forwarded-Port:[443] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Os:[linux] Upgrade-Insecure-Requests:[1] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Client-Id:[9bcecad5] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept-Encoding:[gzip, deflate, br] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-Mode:[navigate] X-Request-Id:[40851b9328e8982825cc22136653d5d9] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Vendor:[google] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:47940 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc4201a6cf0}"}
{"level":"debug","ts":1581006230.4446108,"msg":"/login"}
{"level":"debug","ts":1581006230.4446263,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006230.4446328,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006230.4447258,"msg":"session state set to yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006230.4447427,"msg":"session requestedURL set to https://app.example.tld/"}
{"level":"debug","ts":1581006230.4447494,"msg":"saving session"}
{"level":"debug","ts":1581006230.445172,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006230.4452028,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006230.4454443,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006230.4454672,"msg":"|302| 834.853µs /login","statusCode":302,"request":2,"latency":0.000834853,"avgLatency":0.000634904,"ipPort":"127.0.0.1:47940","method":"GET","host":"vouch.example.tld","path":"/login","referer":""}
{"level":"debug","ts":1581006243.8035188,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz HTTP/1.0 1 0 map[X-Request-Id:[f612862bf79ba4f86cf9673b8d421144] X-Request-Time:[1581006243.801] X-Aasaam-Client-Id:[9bcecad5] Connection:[close] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Port:[443] X-Aasaam-Client-New:[0] Sec-Fetch-User:[?1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjIzMHxEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnZVhoYWVVbGxZbEV4ZFUxdFNuQnVhbHAwVEZVemFqVlpRalJoV1V0b1ZYb0djM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXye32fNF2MIgnGoh0UKfYbBunhn_12lomtpCc9_D-zq0g==] X-Aasaam-Geo-Country-Flag:[🌐] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Hash:[807ca0a2] Cache-Control:[max-age=0] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Version:[79] X-Aasaam-Agent-Vendor:[google] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Os:[linux] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Site:[same-site]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48614 /auth?code=pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz <nil> <nil> <nil> 0xc42018bd10}"}
{"level":"debug","ts":1581006243.8037906,"msg":"/auth"}
{"level":"debug","ts":1581006243.8042417,"msg":"code: pQsdRgx81UmttR9DQRsFow.y525-yCr1wi6ANDM0N34DfnzYzg.OzYTIiOc08GLad02Zh5MpTuGUozCKa3OrZWTaYY7FFXb8s7Der9n6O5LNj8G1ORFn5jzrIWGCvmT-vjgXg6tMq1MD24em8dGALESU5BeuYh1RtZayAjEQifAyKJhMkd1jjd2e2pxda82hv0ql-C1g5OY8Kny0nBYOOOsEsMnkDvHTPSNlZ-IDNcWcM7VLQ0LqGevwoWq4wh1ZvwbOCS_nuR6Z-QSOYTnZLVyYw0adkNS4hwJDK1ABQFMxhIhSgJmQircd6DLxSpEfGm-rEA3DsauSpmJkJhXxXRwqrSPkP1mdG5dL_NCbYHgS__u70nYdxxMo4ce_GT8i1rCt5YcLg"}
{"level":"error","ts":1581006243.8749158,"msg":"jws: invalid token received"}
{"level":"debug","ts":1581006243.8749745,"msg":"/auth Claims from userinfo: {Claims:map[]}"}
{"level":"debug","ts":1581006243.8749862,"msg":"/auth CallbackHandler"}
{"level":"debug","ts":1581006243.8750114,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"}
{"level":"debug","ts":1581006243.8750224,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"}
{"level":"debug","ts":1581006243.875279,"msg":"new user.. setting created on to 1581006243"}
{"level":"error","ts":1581006243.8753667,"msg":"key required"}
{"level":"error","ts":1581006243.8753965,"msg":"key required"}
{"level":"debug","ts":1581006243.8754392,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024243 0 Vouch 0 }} false}"}
{"level":"debug","ts":1581006243.8754485,"msg":"token expires: 1581024243"}
{"level":"debug","ts":1581006243.8754528,"msg":"diff from now: 18000"}
{"level":"debug","ts":1581006243.875562,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006243.8758647,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006243.8759408,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006243.875965,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006243.8759823,"msg":"|302| 72.191129ms /auth","statusCode":302,"request":3,"latency":0.072191129,"avgLatency":0.024486979,"ipPort":"127.0.0.1:48614","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006243.9168053,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Aasaam-Client-New:[1] Upgrade-Insecure-Requests:[1] Sec-Fetch-Site:[same-site] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Request-Time:[1581006243.915] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Request-Id:[2b4510216b71bcc4ff57e87f7ec210e2] X-Real-Ip:[XXX.XXX.64.31] Sec-Fetch-User:[?1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c] Connection:[close] Cache-Control:[max-age=0]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48620 /validate <nil> <nil> <nil> 0xc420370900}"}
{"level":"debug","ts":1581006243.9168768,"msg":"/validate"}
{"level":"debug","ts":1581006243.916936,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c"}
{"level":"debug","ts":1581006243.9169517,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c"}
{"level":"debug","ts":1581006243.9172158,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024243 0 Vouch 0 }}"}
{"level":"debug","ts":1581006243.917252,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024243 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"}
{"level":"error","ts":1581006243.917274,"msg":"no Username found in jwt"}
{"level":"debug","ts":1581006243.9172904,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006243.9173,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006243.9173071,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006243.9173222,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006243.9173357,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006243.917348,"msg":"|401| 472.132µs /validate","statusCode":401,"request":4,"latency":0.000472132,"avgLatency":0.018483268,"ipPort":"127.0.0.1:48620","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006243.9565418,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Forwarded-Port:[443] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Real-Ip:[XXX.XXX.64.31] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0MywiaXNzIjoiVm91Y2gifQ.z9oNFnISKHiEx0Sj6FkGzZ0tPEGVEOVOpVgsbcFUP2c; VouchSession=MTU4MTAwNjI0M3xEdi1CQkFFQ180SUFBUkFCRUFBQV80N19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnZVhoYWVVbGxZbEV4ZFUxdFNuQnVhbHAwVEZVemFqVlpRalJoV1V0b1ZYb0djM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNQWdBQUJuTjBjbWx1Wnd3Y0FCcG9kSFJ3Y3pvdkwybG1ZWFYwYUM1cGRXMXpMbUZqTG1seUx3TnBiblFFQWdBQXxRQh3TEXSUqcrOI-pR8E-vLHS-ZztEMCGuMSTc6Ys3jg==] X-Request-Id:[e9a9598f52344f6e386e45d4468dc947] X-Forwarded-Host:[vouch.example.tld] X-Forwarded-Proto:[https] Sec-Fetch-User:[?1] Accept-Encoding:[gzip, deflate, br] Cache-Control:[max-age=0] Sec-Fetch-Site:[same-site] Sec-Fetch-Mode:[navigate] X-Request-Time:[1581006243.955] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Name:[chrome] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Version:[79] X-Aasaam-Geo-Country-Flag:[🌐] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Agent-Os:[linux] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google] Upgrade-Insecure-Requests:[1]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48622 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc42001e450}"}
{"level":"debug","ts":1581006243.9566412,"msg":"/login"}
{"level":"debug","ts":1581006243.956664,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006243.956679,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006243.9566877,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006243.9574695,"msg":"session state set to cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt"}
{"level":"debug","ts":1581006243.9575016,"msg":"session requestedURL set to https://app.example.tld/"}
{"level":"debug","ts":1581006243.957515,"msg":"failcount for https://app.example.tld/ is 0"}
{"level":"debug","ts":1581006243.9575226,"msg":"saving session"}
{"level":"debug","ts":1581006243.9576814,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt"}
{"level":"debug","ts":1581006243.9577262,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006243.9577606,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006243.9577963,"msg":"|302| 1.121313ms /login","statusCode":302,"request":5,"latency":0.001121313,"avgLatency":0.015010877,"ipPort":"127.0.0.1:48622","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.110164,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt HTTP/1.0 1 0 map[Connection:[close] Cache-Control:[max-age=0] X-Request-Id:[7823940bd53bfd203c4d5cc2ccb837af] X-Aasaam-Agent-Version:[79] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Os:[linux] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Forwarded-Port:[443] X-Request-Time:[1581006244.109] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Agent-Vendor:[google] X-Aasaam-Agent-Hash:[807ca0a2] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0M3xEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnWTNsWFdsaDNjbFpQVjNaV1UwaHVSRlJHV2xWUVkwbDNiR1pOYldsU1ZIUUdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXyqse6O2nikzolX6oqqVESivEdQgyVf44zsJ6jPsAbOOA==] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Client-New:[0] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Geo-Country-Flag:[🌐] X-Forwarded-Proto:[https] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Host:[vouch.example.tld] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48628 /auth?code=pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg&state=cyWZXwrVOWvVSHnDTFZUPcIwlfMmiRTt <nil> <nil> <nil> 0xc42001eb70}"}
{"level":"debug","ts":1581006244.1102476,"msg":"/auth"}
{"level":"debug","ts":1581006244.110698,"msg":"code: pQsdRgx81UmttR9DQRsFow.FJ3n-yCr1wi7ANZs7_1uF5m5YFQ.OwAUNLSqbtd4xAT5FQhYS7EiRF1Lvx5NcNdGgEtG0r2G-woiVQWiVIrTj5i3LtPyFFoVhVwLHsbvb1qq3wWK4aks_yrpClZs4Tt6nWuOjQVYgMO2jVDGCNVjLoC_OrfqNrspo8nQjkrJkFxKdtXlKyeqAaNtMIhDAvuJeTS_h10MYM6sPjzKGIpQ7YuIv6OgA1quo_m25bepp0zIBIsVNSz6nrcBas8laEY-2MiF9gAEmpi60XUqOdp-tR65Yt5LfISI7-g6UgJybyX5d0x5J9Ra7ivi92C0GpfIJmePOMZ1KDORSUoX449x2VMbYNOrFVO9xouKXoElayY3oIBRRg"}
{"level":"error","ts":1581006244.1256704,"msg":"jws: invalid token received"}
{"level":"debug","ts":1581006244.1257057,"msg":"/auth Claims from userinfo: {Claims:map[]}"}
{"level":"debug","ts":1581006244.1257155,"msg":"/auth CallbackHandler"}
{"level":"debug","ts":1581006244.1258433,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"}
{"level":"debug","ts":1581006244.1258583,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"}
{"level":"debug","ts":1581006244.125886,"msg":"new user.. setting created on to 1581006244"}
{"level":"error","ts":1581006244.1259239,"msg":"key required"}
{"level":"error","ts":1581006244.1259441,"msg":"key required"}
{"level":"debug","ts":1581006244.1259894,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"}
{"level":"debug","ts":1581006244.126016,"msg":"token expires: 1581024244"}
{"level":"debug","ts":1581006244.12603,"msg":"diff from now: 18000"}
{"level":"debug","ts":1581006244.1260805,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.126093,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.1263266,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.1263707,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.1263921,"msg":"|302| 16.124517ms /auth","statusCode":302,"request":6,"latency":0.016124517,"avgLatency":0.015196483,"ipPort":"127.0.0.1:48628","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.1608589,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Request-Id:[cbec6a7a5bedb1a0ef270b30e3443ec2] X-Forwarded-Host:[app.example.tld] X-Aasaam-Client-New:[1] Connection:[close] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Upgrade-Insecure-Requests:[1] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Port:[443] X-Request-Time:[1581006244.160] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Site:[same-site] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Cache-Control:[max-age=0] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-User:[?1] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48632 /validate <nil> <nil> <nil> 0xc420174990}"}
{"level":"debug","ts":1581006244.1609976,"msg":"/validate"}
{"level":"debug","ts":1581006244.1610239,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.161038,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.161253,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"}
{"level":"debug","ts":1581006244.1613004,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"}
{"level":"error","ts":1581006244.1613166,"msg":"no Username found in jwt"}
{"level":"debug","ts":1581006244.1613328,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006244.1613424,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.1615033,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.1615267,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006244.1615593,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006244.1615818,"msg":"|401| 562.857µs /validate","statusCode":401,"request":7,"latency":0.000562857,"avgLatency":0.013105965,"ipPort":"127.0.0.1:48632","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.1941767,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[X-Request-Id:[d36555070e9ed26a1949be4ac3e3dca4] X-Request-Time:[1581006244.193] X-Aasaam-Geo-Country-Flag:[🌐] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Proto:[https] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Forwarded-Host:[vouch.example.tld] Connection:[close] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Aasaam-Agent-Version:[79] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80N19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnWTNsWFdsaDNjbFpQVjNaV1UwaHVSRlJHV2xWUVkwbDNiR1pOYldsU1ZIUUdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNQWdBQUJuTjBjbWx1Wnd3Y0FCcG9kSFJ3Y3pvdkwybG1ZWFYwYUM1cGRXMXpMbUZqTG1seUx3TnBiblFFQWdBQXyTjn_xk8eqWtUpCincA9JH4mphwk0YjBA8NCZ50buZ9Q==] X-Aasaam-Client-New:[0] Cache-Control:[max-age=0] X-Aasaam-Agent-Hash:[807ca0a2] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Port:[443] X-Aasaam-Agent-Os:[linux] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48636 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420174c90}"}
{"level":"debug","ts":1581006244.194244,"msg":"/login"}
{"level":"debug","ts":1581006244.1942606,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.194268,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.1942737,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.1944377,"msg":"session state set to rfuxAKQywmyHhSzUBh5UwowluJEZHmC"}
{"level":"debug","ts":1581006244.1944635,"msg":"session requestedURL set to https://app.example.tld/"}
{"level":"debug","ts":1581006244.194473,"msg":"failcount for https://app.example.tld/ is 0"}
{"level":"debug","ts":1581006244.194479,"msg":"saving session"}
{"level":"debug","ts":1581006244.1945596,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC"}
{"level":"debug","ts":1581006244.194581,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.1945963,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.194607,"msg":"|302| 355.124µs /login","statusCode":302,"request":8,"latency":0.000355124,"avgLatency":0.01151211,"ipPort":"127.0.0.1:48636","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.345903,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC HTTP/1.0 1 0 map[Connection:[close] X-Request-Time:[1581006244.344] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Request-Id:[b3a9f770f76ca3b89a1d27697bd8f800] X-Aasaam-Agent-Category:[pc] X-Aasaam-Geo-Country-Flag:[🌐] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82Zl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmY21aMWVFRkxVWGwzYlhsSWFGTjZWVUpvTlZWM2IzZHNkVXBGV2todFF3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3djQUJwb2RIUndjem92TDJsbVlYVjBhQzVwZFcxekxtRmpMbWx5THdaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4RGFXNTBCQUlBQWc9PXzGdrgFNy_M2heFpPJRwstQ0x6Z6IwFY2t9SNOHj-_a7A==] Sec-Fetch-User:[?1] Sec-Fetch-Mode:[navigate] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Client-New:[0] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Name:[chrome] X-Forwarded-Host:[vouch.example.tld] X-Forwarded-Proto:[https] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] X-Aasaam-Agent-Os:[linux] Accept-Encoding:[gzip, deflate, br] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Hash:[807ca0a2] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] X-Aasaam-Agent-Vendor:[google] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Port:[443] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Version:[79]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48640 /auth?code=pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA&state=rfuxAKQywmyHhSzUBh5UwowluJEZHmC <nil> <nil> <nil> 0xc420175380}"}
{"level":"debug","ts":1581006244.3460069,"msg":"/auth"}
{"level":"debug","ts":1581006244.3462687,"msg":"code: pQsdRgx81UmttR9DQRsFow.KGAL_CCr1wi8ANnsoe7j0gbfomk.hre9Oo1-I1Y8CrxH0zWEtBeScV9vfifGRe8Eax5DPw9bVgvPusiz_SS2pv_tF6wxv14BnJ_0hfL-_FTxoOSrwqRlCHSXzqvQk3BB7H-ZPzRO6bknz3lBPU_WHpqvf0uLAzesk3qFU2vebOzvNGndv7ouo_eRis8mpeJnYhu25WyUPeKz8Re_reC4wQov-1QCWcrjs8UMXcMcPQEscHG7AZDpXkAQzTqfz1COOuKpQ4lDF7kRTI_OP6rcxkgBJiJj3HsrShkU-YpMSXVE0UCLgl-3WOmIDUReVUABs-IH3soBOHQcKcfqhe-38U--mNRoyhekUrxmA4SYTqMtlIeEaA"}
{"level":"error","ts":1581006244.360189,"msg":"jws: invalid token received"}
{"level":"debug","ts":1581006244.360238,"msg":"/auth Claims from userinfo: {Claims:map[]}"}
{"level":"debug","ts":1581006244.3602488,"msg":"/auth CallbackHandler"}
{"level":"debug","ts":1581006244.3602626,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"}
{"level":"debug","ts":1581006244.3602715,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"}
{"level":"debug","ts":1581006244.360301,"msg":"new user.. setting created on to 1581006244"}
{"level":"error","ts":1581006244.3603463,"msg":"key required"}
{"level":"error","ts":1581006244.3603702,"msg":"key required"}
{"level":"debug","ts":1581006244.360407,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"}
{"level":"debug","ts":1581006244.3604193,"msg":"token expires: 1581024244"}
{"level":"debug","ts":1581006244.3604264,"msg":"diff from now: 18000"}
{"level":"debug","ts":1581006244.3604767,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.360497,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.361223,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.3612626,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.3612823,"msg":"|302| 15.267602ms /auth","statusCode":302,"request":9,"latency":0.015267602,"avgLatency":0.011929386,"ipPort":"127.0.0.1:48640","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.403157,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Forwarded-Port:[443] X-Request-Time:[1581006244.396] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Connection:[close] Upgrade-Insecure-Requests:[1] X-Request-Id:[af1b795a75c97355a84c88fe1e062f03] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Host:[app.example.tld] X-Forwarded-Proto:[https] Cache-Control:[max-age=0] Sec-Fetch-Site:[same-site] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Client-New:[1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Sec-Fetch-User:[?1] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48646 /validate <nil> <nil> <nil> 0xc420175aa0}"}
{"level":"debug","ts":1581006244.4032261,"msg":"/validate"}
{"level":"debug","ts":1581006244.4032438,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.4032547,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.4034152,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"}
{"level":"debug","ts":1581006244.403444,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"}
{"level":"error","ts":1581006244.4034548,"msg":"no Username found in jwt"}
{"level":"debug","ts":1581006244.403467,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006244.4035008,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.4035072,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.4038103,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006244.403841,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006244.4041936,"msg":"|401| 637.414µs /validate","statusCode":401,"request":10,"latency":0.000637414,"avgLatency":0.010800189,"ipPort":"127.0.0.1:48646","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.4385726,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] Accept-Encoding:[gzip, deflate, br] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80M19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmY21aMWVFRkxVWGwzYlhsSWFGTjZWVUpvTlZWM2IzZHNkVXBGV2todFF3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3dDQUFBR2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFBPXyggla26kM32Zyg_a4iQJxMvznvAoLfg9FThy3Kp3hScg==] X-Request-Id:[bf1fd001b544ff9003803911efadaf7c] X-Aasaam-Geo-Country-Flag:[🌐] X-Aasaam-Agent-Category:[pc] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Client-New:[0] X-Request-Time:[1581006244.437] X-Aasaam-Agent-Version:[79] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] X-Aasaam-Agent-Vendor:[google] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Port:[443] Cache-Control:[max-age=0] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Hash:[807ca0a2] Connection:[close] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Sec-Fetch-Site:[same-site] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Os:[linux] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] X-Forwarded-Proto:[https] X-Aasaam-Geo-Default-Lang-Direction:[ltr]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48652 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420175e00}"}
{"level":"debug","ts":1581006244.4386234,"msg":"/login"}
{"level":"debug","ts":1581006244.438637,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.4386437,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.438649,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.4388137,"msg":"session state set to bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC"}
{"level":"debug","ts":1581006244.4388354,"msg":"session requestedURL set to https://app.example.tld/"}
{"level":"debug","ts":1581006244.4388437,"msg":"failcount for https://app.example.tld/ is 0"}
{"level":"debug","ts":1581006244.4388494,"msg":"saving session"}
{"level":"debug","ts":1581006244.4389324,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC"}
{"level":"debug","ts":1581006244.4389575,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.4389803,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.4390056,"msg":"|302| 357.679µs /login","statusCode":302,"request":11,"latency":0.000357679,"avgLatency":0.00985087,"ipPort":"127.0.0.1:48652","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.5836582,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC HTTP/1.0 1 0 map[X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Client-New:[0] X-Forwarded-Port:[443] X-Aasaam-Agent-Name:[chrome] Upgrade-Insecure-Requests:[1] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-For:[XXX.XXX.64.31] Cache-Control:[max-age=0] Sec-Fetch-User:[?1] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82Zl9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmWW5CQ00xQnVhVmhUYlRSc2FFZDVNR3hHY1ZCTGVITjFkekZ0YW5SR1F3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3djQUJwb2RIUndjem92TDJsbVlYVjBhQzVwZFcxekxtRmpMbWx5THdaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4RGFXNTBCQUlBQWc9PXzpCEXKP1kECEEymXc0IbE8CCYcl-h3Z4CiN2k5A3v2OQ==] X-Aasaam-Agent-Hash:[807ca0a2] X-Forwarded-Proto:[https] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Os:[linux] X-Request-Id:[f23fdea5a4f87aaa8dd37564e8861bc1] X-Aasaam-Geo-Country-Flag:[🌐] X-Aasaam-Geo-Default-Lang-Direction:[ltr] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Vendor:[google] Sec-Fetch-Site:[same-site] X-Request-Time:[1581006244.582] X-Forwarded-Host:[vouch.example.tld] X-Aasaam-Agent-Version:[79] Connection:[close] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48658 /auth?code=pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ&state=bpB3PniXSm4lhGy0lFqPKxsuw1mjtFC <nil> <nil> <nil> 0xc42018a630}"}
{"level":"debug","ts":1581006244.5837288,"msg":"/auth"}
{"level":"debug","ts":1581006244.5843143,"msg":"code: pQsdRgx81UmttR9DQRsFow.Z4Ux_CCr1wi9APBLhYc1rXCLBbY.CItFjoxkxzSWly537Np86RBnpJ0BgdD34crLxuQhnynf8sTyxTOZP6mCrqIisJuJ0_zCc1s6p9pbzCPTWtr_F-pxt4UlvXDEUDyKOqzY67ePbzhI0cpKQzEcvZgtdnKFYEuuXtuD2KWdUVc5uxutxLzpMs9aDUhOAFJPR-AsKRTMR9hqRMgOvOPkKvjjEADF831KnnUENrR5JQZApWwnqAN7jrF7hqacJtoyOfrQlQhRnBC34Yjmlw0ncYkj_9Wskt0ZphhEwXoAs9TjrUPQ7kO1lSXoSBR69_MXAUCx6xFyFT8QMJvtcSYkUmIbpYTbnDlsI4984xDomRLrGg27IQ"}
{"level":"error","ts":1581006244.606126,"msg":"jws: invalid token received"}
{"level":"debug","ts":1581006244.6061752,"msg":"/auth Claims from userinfo: {Claims:map[]}"}
{"level":"debug","ts":1581006244.6061883,"msg":"/auth CallbackHandler"}
{"level":"debug","ts":1581006244.606203,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"}
{"level":"debug","ts":1581006244.6062121,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"}
{"level":"debug","ts":1581006244.6062431,"msg":"new user.. setting created on to 1581006244"}
{"level":"error","ts":1581006244.6062896,"msg":"key required"}
{"level":"error","ts":1581006244.6063066,"msg":"key required"}
{"level":"debug","ts":1581006244.6063468,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"}
{"level":"debug","ts":1581006244.6063683,"msg":"token expires: 1581024244"}
{"level":"debug","ts":1581006244.606376,"msg":"diff from now: 18000"}
{"level":"debug","ts":1581006244.6064706,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.6065056,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.606742,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.606781,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.6067944,"msg":"|302| 23.054442ms /auth","statusCode":302,"request":12,"latency":0.023054442,"avgLatency":0.010951167,"ipPort":"127.0.0.1:48658","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.6405988,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[Connection:[close] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Request-Id:[ee5029e9f876eacb2a08962d8f3e1f18] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Site:[same-site] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Forwarded-Host:[app.example.tld] X-Forwarded-Port:[443] X-Request-Time:[1581006244.639] X-Aasaam-Client-New:[1] Cache-Control:[max-age=0] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] Sec-Fetch-Mode:[navigate] Accept-Encoding:[gzip, deflate, br] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-Proto:[https] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-User:[?1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48666 /validate <nil> <nil> <nil> 0xc420272930}"}
{"level":"debug","ts":1581006244.6406765,"msg":"/validate"}
{"level":"debug","ts":1581006244.6407025,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.6407208,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.6414466,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"}
{"level":"debug","ts":1581006244.641477,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"}
{"level":"error","ts":1581006244.6414902,"msg":"no Username found in jwt"}
{"level":"debug","ts":1581006244.6415055,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006244.641515,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.641523,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.6415398,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006244.6415555,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006244.641583,"msg":"|401| 881.031µs /validate","statusCode":401,"request":13,"latency":0.000881031,"avgLatency":0.010176542,"ipPort":"127.0.0.1:48666","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.675224,"msg":"Request received : &{GET /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= HTTP/1.0 1 0 map[X-Aasaam-Agent-Vendor:[google] Upgrade-Insecure-Requests:[1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] X-Aasaam-Client-New:[0] X-Aasaam-Agent-Category:[pc] X-Aasaam-Agent-Os:[linux] Cache-Control:[max-age=0] Sec-Fetch-User:[?1] X-Forwarded-Host:[vouch.example.tld] Connection:[close] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] X-Request-Time:[1581006244.674] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV80M19nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JUUFmWW5CQ00xQnVhVmhUYlRSc2FFZDVNR3hHY1ZCTGVITjFkekZ0YW5SR1F3WnpkSEpwYm1jTURnQU1jbVZ4ZFdWemRHVmtWVkpNQm5OMGNtbHVad3dDQUFBR2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFBPXxaU0v8mdyUeUeZh519OrLxHnGjoP7u8XW9QdWUoKexQQ==] X-Forwarded-Port:[443] X-Forwarded-Proto:[https] X-Aasaam-Geo-Default-Lang-Direction:[ltr] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Hash:[807ca0a2] X-Aasaam-Geo-Country-Flag:[🌐] Sec-Fetch-Mode:[navigate] X-Real-Ip:[XXX.XXX.64.31] X-Forwarded-For:[XXX.XXX.64.31] X-Aasaam-Agent-Version:[79] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] X-Request-Id:[d42bd02a40b94bc396409f485e734775] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48668 /login?url=https://app.example.tld/&vouch-failcount=&X-Vouch-Token=&error= <nil> <nil> <nil> 0xc420272c60}"}
{"level":"debug","ts":1581006244.6753058,"msg":"/login"}
{"level":"debug","ts":1581006244.6753256,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.6753352,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.6753428,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.6755395,"msg":"session state set to PfUfzccPQckXYBScXIZuBKu1eBhsuO8N"}
{"level":"debug","ts":1581006244.675571,"msg":"session requestedURL set to https://app.example.tld/"}
{"level":"debug","ts":1581006244.675582,"msg":"failcount for https://app.example.tld/ is 0"}
{"level":"debug","ts":1581006244.67559,"msg":"saving session"}
{"level":"debug","ts":1581006244.675906,"msg":"redirecting to oauthURL https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N"}
{"level":"debug","ts":1581006244.6759365,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.6759555,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.6759684,"msg":"|302| 652.303µs /login","statusCode":302,"request":14,"latency":0.000652303,"avgLatency":0.00949624,"ipPort":"127.0.0.1:48668","method":"GET","host":"vouch.example.tld","path":"/login","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.822487,"msg":"Request received : &{GET /auth?code=pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N HTTP/1.0 1 0 map[X-Aasaam-Geo-Default-Lang-Direction:[ltr] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Host:[vouch.example.tld] X-Request-Time:[1581006244.821] X-Aasaam-Client-Id:[9bcecad5] X-Aasaam-Agent-Hash:[807ca0a2] X-Real-Ip:[XXX.XXX.64.31] Sec-Fetch-Mode:[navigate] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] X-Forwarded-Port:[443] X-Aasaam-Foreign-Referer-Host:[adfs.example.tld] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchSession=MTU4MTAwNjI0NHxEdi1CQkFFQ180SUFBUkFCRUFBQV82al9nZ0FEQm5OMGNtbHVad3dIQUFWemRHRjBaUVp6ZEhKcGJtY01JZ0FnVUdaVlpucGpZMUJSWTJ0WVdVSlRZMWhKV25WQ1MzVXhaVUpvYzNWUE9FNEdjM1J5YVc1bkRBNEFESEpsY1hWbGMzUmxaRlZTVEFaemRISnBibWNNSEFBYWFIUjBjSE02THk5cFptRjFkR2d1YVhWdGN5NWhZeTVwY2k4R2MzUnlhVzVuREJ3QUdtaDBkSEJ6T2k4dmFXWmhkWFJvTG1sMWJYTXVZV011YVhJdkEybHVkQVFDQUFJPXyDQdejcgcaydb2lWsL_LhmgGq25Pz1by7b8-0wipugNw==] X-Aasaam-Client-New:[0] X-Aasaam-Geo-Country-Flag:[🌐] Connection:[close] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Aasaam-Agent-Category:[pc] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Proto:[https] X-Aasaam-Agent-Name:[chrome] X-Aasaam-Agent-Os:[linux] Sec-Fetch-User:[?1] Sec-Fetch-Site:[same-site] X-Request-Id:[c7933cc1af8d53b3b261951d93a9a86f] X-Aasaam-Agent-Version:[79] X-Aasaam-Agent-Vendor:[google] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36]] {} <nil> 0 [] true vouch.example.tld map[] map[] <nil> map[] 127.0.0.1:48674 /auth?code=pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q&state=PfUfzccPQckXYBScXIZuBKu1eBhsuO8N <nil> <nil> <nil> 0xc4202733e0}"}
{"level":"debug","ts":1581006244.822544,"msg":"/auth"}
{"level":"debug","ts":1581006244.8227215,"msg":"code: pQsdRgx81UmttR9DQRsFow.7khV_CCr1wi-AIRGTVu8lHQb_08.bRmVXtJ0C5tYwk3WJO5Z4AiSmJe0mXNpk22xxzpj29ZnLUwy_pg5VvVl0A5aYZ8_ZUuXuWEbmkzdNsFA5Dt9QfUW_Umht2qi-GixK5FMNnRhij6BwZ9lLy9ZlvQGrryd4XnGtpr-cTanXm-508d-XEmB6dcmM_cHih8d0a3HgVMIzn-YYrO077XyHtFDqYi_R8596V0pqVWaeZzvtRtg3E4-d0InzyhtXeU0dov1k5Bld2jGbS-W9mM-eNcw4wMQu7PKvOFQsYoxVJnsm_kmLGqPYAa68uzZ66FpwjOVmGJfjmjx-HnrsO6pmxRyuXykbIVNAPj-2Tc_a6i6mfjr8Q"}
{"level":"error","ts":1581006244.8438056,"msg":"jws: invalid token received"}
{"level":"debug","ts":1581006244.8438454,"msg":"/auth Claims from userinfo: {Claims:map[]}"}
{"level":"debug","ts":1581006244.8438563,"msg":"/auth CallbackHandler"}
{"level":"debug","ts":1581006244.843871,"msg":"/auth {Username: Name: Email: CreatedOn:0 LastUpdate:0 ID:0}"}
{"level":"debug","ts":1581006244.8438802,"msg":"skipping verify user since cfg.Cfg.AllowAllUsers is true"}
{"level":"debug","ts":1581006244.8439097,"msg":"new user.. setting created on to 1581006244"}
{"level":"error","ts":1581006244.8442779,"msg":"key required"}
{"level":"error","ts":1581006244.8443105,"msg":"key required"}
{"level":"debug","ts":1581006244.8443413,"msg":"token: &{ 0xc42018e080 map[typ:JWT alg:HS256] { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }} false}"}
{"level":"debug","ts":1581006244.84435,"msg":"token expires: 1581024244"}
{"level":"debug","ts":1581006244.8443553,"msg":"diff from now: 18000"}
{"level":"debug","ts":1581006244.8444068,"msg":"domain vouch.example.tld matched array value at [1]=vouch.example.tld"}
{"level":"debug","ts":1581006244.844423,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.8445735,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"debug","ts":1581006244.8446095,"msg":"Request handled successfully: 302"}
{"level":"info","ts":1581006244.8446236,"msg":"|302| 22.066775ms /auth","statusCode":302,"request":15,"latency":0.022066775,"avgLatency":0.010334275,"ipPort":"127.0.0.1:48674","method":"GET","host":"vouch.example.tld","path":"/auth","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006244.8778102,"msg":"Request received : &{GET /validate HTTP/1.0 1 0 map[X-Request-Id:[691fd820b8d4df2ae9cd08635e5b751a] X-Forwarded-Host:[app.example.tld] X-Request-Time:[1581006244.877] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36] Sec-Fetch-Site:[same-site] Accept-Language:[en-US,en;q=0.9,fa;q=0.8] X-Forwarded-Proto:[https] X-Aasaam-Client-New:[1] Connection:[close] Cache-Control:[max-age=0] Upgrade-Insecure-Requests:[1] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9] Referer:[https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz] Accept-Encoding:[gzip, deflate, br] Cookie:[aasaam_cid=AAAAAJY9PF4IAOdwAWoAAA==; VouchCookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A] X-Forwarded-For:[XXX.XXX.64.31] X-Forwarded-Port:[443] Sec-Fetch-User:[?1] X-Real-Ip:[XXX.XXX.64.31] X-Aasaam-Client-Id:[aasaam_cid=000000005E3C3D9670E7000800006A01] Sec-Fetch-Mode:[navigate]] {} <nil> 0 [] true app.example.tld map[] map[] <nil> map[] 127.0.0.1:48678 /validate <nil> <nil> <nil> 0xc4201a7290}"}
{"level":"debug","ts":1581006244.8778653,"msg":"/validate"}
{"level":"debug","ts":1581006244.8778825,"msg":"jwt from cookie: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.877895,"msg":"tokenString eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IiIsInNpdGVzIjpbImlmYXV0aC5pdW1zLmFjLmlyIiwidm91Y2guaXVtcy5hYy5pciIsImFkZnMuaXVtcy5hYy5pciIsIml1bXMuYWMuaXIiXSwiQ3VzdG9tQ2xhaW1zIjpudWxsLCJQQWNjZXNzVG9rZW4iOiIiLCJQSWRUb2tlbiI6IiIsImV4cCI6MTU4MTAyNDI0NCwiaXNzIjoiVm91Y2gifQ.ON4ktPn6m_3BUdO-z9Zy8zMqJbQMwGEZsGmVeWYdh3A"}
{"level":"debug","ts":1581006244.878019,"msg":"*ptokenCLaims: { [app.example.tld vouch.example.tld adfs.example.tld example.tld] map[] { 1581024244 0 Vouch 0 }}"}
{"level":"debug","ts":1581006244.8780437,"msg":"JWT Claims: {Username: Sites:[app.example.tld vouch.example.tld adfs.example.tld example.tld] CustomClaims:map[] PAccessToken: PIdToken: StandardClaims:{Audience: ExpiresAt:1581024244 Id: IssuedAt:0 Issuer:Vouch NotBefore:0 Subject:}}"}
{"level":"error","ts":1581006244.878055,"msg":"no Username found in jwt"}
{"level":"debug","ts":1581006244.8780684,"msg":"domain app.example.tld matched array value at [0]=app.example.tld"}
{"level":"debug","ts":1581006244.8780918,"msg":"setting the cookie domain to .example.tld"}
{"level":"debug","ts":1581006244.8780994,"msg":"deleting cookie: VouchCookie"}
{"level":"debug","ts":1581006244.8781135,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"debug","ts":1581006244.8781269,"msg":"Request handled successfully: 401"}
{"level":"info","ts":1581006244.8781383,"msg":"|401| 262.178µs /validate","statusCode":401,"request":16,"latency":0.000262178,"avgLatency":0.009704769,"ipPort":"127.0.0.1:48678","method":"GET","host":"app.example.tld","path":"/validate","referer":"https://adfs.example.tld/adfs/oauth2/authorize/?client_id=9b31f91c-91da-47df-899f-e66c7b9cc2ef&redirect_uri=https%3A%2F%2Fvouch.example.tld%2Fauth&resource=https%3A%2F%2Fvouch.example.tld%2Fauth&response_type=code&scope=email+profile+openid&state=yxZyIebQ1uMmJpnjZtLU3j5YB4aYKhUz"}
{"level":"debug","ts":1581006282.643884,"msg":"Request received : &{GET /healthcheck HTTP/1.1 1 1 map[User-Agent:[Go-http-client/1.1] Accept-Encoding:[gzip]] {} <nil> 0 [] false 0.0.0.0:19090 map[] map[] <nil> map[] 127.0.0.1:53686 /healthcheck <nil> <nil> <nil> 0xc4201a75c0}"}
{"level":"debug","ts":1581006282.6439147,"msg":"CaptureWriter.Write set w.StatusCode 200"}
{"level":"debug","ts":1581006282.6439242,"msg":"Request handled successfully: 200"}
{"level":"info","ts":1581006282.64396,"msg":"|200| 13.287µs /healthcheck","statusCode":200,"request":17,"latency":0.000013287,"avgLatency":0.009134682,"ipPort":"127.0.0.1:53686","method":"GET","host":"0.0.0.0:19090","path":"/healthcheck","referer":""}
server {
listen 443 ssl http2;
server_name vouch.example.tld;
ssl_certificate /cert/fullchain.pem;
ssl_certificate_key /cert/privkey.pem;
ssl_trusted_certificate /cert/chain.pem;
location / {
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:19090;
}
}
server {
listen 443 ssl http2;
server_name app.example.tld;
ssl_certificate /cert/fullchain.pem;
ssl_certificate_key /cert/privkey.pem;
ssl_trusted_certificate /cert/chain.pem;
auth_request /validate;
location /validate {
proxy_pass http://127.0.0.1:19090/validate;
proxy_set_header Host $http_host;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# pass Vouch headers along with the request
#auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
auth_request_set $auth_resp_x_vouch_idp_idtoken $upstream_http_x_vouch_idp_idtoken;
# these return values are used by the @error401 call
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
}
error_page 401 = @error401;
location @error401 {
return 302 https://vouch.example.tld/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
}
location / {
add_header 'Content-Type' 'text/plain';
echo 'ok';
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment