"groups session data is missing, re-authenticating" after adding groups to session

[brokenjacobs]

Trying the v2 codebase since I push group claims from my IDP. And here is what happens on every auth request:
ime="2020-03-19T22:36:49Z" level=info msg="creating group claims session with groups: [WebApps.LCS.Access.User.Group K8S.LCS.Admin.User.Group]" source_ip=10.203.53.248 time="2020-03-19T22:36:49Z" level=info msg="groups session data is missing, re-authenticating" source_ip=10.203.53.248
I can verify the forward_auth_claims cookie is being set and sent in the browser, and I even tried renaming it, and it goes back and forth with the corrected name.

It seems like it is decoding the cooking into the session but getting a null value. I'm not sure how that is happening. Any clues?

[brokenjacobs]

Turning up debug:
I see the cookie in:
level=debug msg="Handling callback" headers="....

But not in:
level=debug msg="Authenticate request" headers="

[brokenjacobs]

Save the session:

traefik-forward-auth/internal/server.go

Line 318 in 370a655

if err := session.Save(r, w); err != nil {

Implementation:

traefik-forward-auth/internal/server_test.go

Line 54 in 370a655

func (f *fakeStore) Save(r *http.Request, w http.ResponseWriter, s *sessions.Session) error {

So... guessing this all doesn't work yet?

[brokenjacobs]

ping?

[geiseri]

this seems like what i am seeing on #23

[brokenjacobs]

looks like this shouldn't be a 'release' as the implementation is incomplete.

[jr0d]

@brokenjacobs Sorry, I've been away from this for a while. Group sessions do work, though they require a SESSION_KEY to be set. We were not checking properly that the SESSION_KEY existed before setting up the group claims session; resulting in this behavior.

[brokenjacobs]

I hadn't checked back in but it looks like this has been resolved now? Yay!

[brokenjacobs]

nope. added a SESSION_KEY setting 32 characters long, and it is still not working. Same error messages, on 2.0.5.