I use your plugin with LemonLDAP::NG.

Here is the error I got:

Completed 500 Internal Server Error in 273ms (ActiveRecord: 22.4ms)
  
NoMethodError (undefined method `unpack1' for nil:NilClass):
  
plugins/redmine_openid_connect/app/models/oic_session.rb:178:in `user'
plugins/redmine_openid_connect/app/models/oic_session.rb:163:in `admin?'
plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:143:in `oic_local_login'
lib/redmine/sudo_mode.rb:61:in `sudo_mode'

This is thrown by this code: https://github.com/devopskube/redmine_openid_connect/blob/master/app/models/oic_session.rb#L178

An access token can be a JWT but it is not mandatory.

I think we should first try id_token to get values, or only tryaccess_token if it is a JWT.

Hello,

When I try to delete a user (which is using the openid plugin to authentificate) from the users administration page I've got the following error:

ActiveRecord::StatementInvalid (Mysql2::Error: Cannot delete or update a parent row: a foreign key constraint fails (`redmine`.`oic_sessions`, CONSTRAINT `fk_rails_fb3c08edd2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`)): DELETE FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`id` = 5):

I think cascade is missing so user entry for user in oic_sessions are removed when user is delete.

Regards,

Hello,

I am facing this issue where the oic_session table is full in Mariadb...

I did on the table:
ALTER TABLE oic_sessions MAX_ROWS=1000000 AVG_ROW_LENGTH=3276

But I really don't know if this is a good thing to do...
Has anyone seen this? Is there a way to purge NULL sessions?

Cheers

Hello. Added a pull request to the integration with Authelia.

https://www.authelia.com/
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

Authelia configuration.yml
Add into the section of "clients"

      - id: redmine
        description: Redmine
        secret: '$plaintext$redmine_client_secret'
        public: false
        authorization_policy: one_factor
        redirect_uris:
           - https://redmine.example.com/oic/local_login
        scopes:
           - openid
           - profile
           - groups
           - email
        userinfo_signing_algorithm: none

Redmine plugin openID Connect configuration:
Client ID: redmine
OpenID Connect server url: https://authelia.example.com
Client Secret: redmine_client_secret
OpenID Connect scopes (comma-separated): openid,profile,groups,email

Admins group (members of this group are treated as admin): admins

Disable Ssl Validation: yes
Login Selector: yes
Create user if not exists: yes

It would be nice if the provided Tokens would be verified before accepted. There is a ruby lib jwt which can be easily used for this purpose, sadly i'm not capable to implement the storage of the public IDP cert plugin wide. It should be retrieved once a day and be cached.

I want to use this plugin, but I can't find the license file.
Is it available with an OSS license?
What type of license, if available?

I'm using this plugin to authenticate into Redmine via Keycloack, but once enabled I'm seeing that non-admin users are able to access the /admin page by appending /admin to the hostname. Once on that page, they have read access to a majority of and both read and write access to several, of the admin settings. Pages, where they have read and write access, include, "Users" and all plugins.

I tested this with several different settings changes in both the plugin and within Keycloak and it has not alleviated the issue.

Has anyone else had this same issue?

Application: Docker Bitnami/Redmine 4.1.1 and Docker Redmine 4.1.1
Plugin Version: 0.9.4
IDP: Keycloak

keycloak version：19.0.3

Click Login to report an error：

http://ip:8030/oic/local_login?error=invalid_scope&error_description=Invalid+scopes%3A+&state=21318a43-69f0-46fb-8df3-9cad122948fe

Started GET "/oic/local_login?error=invalid_scope&error_description=Invalid+scopes%3A+&state=21318a43-69f0-46fb-8df3-9cad122948fe" for 10.249.3.45 at 2022-12-13 07:08:04 +0000

keyclock error:

KC-SERVICES0093: Invalid parameter value for: scope

redmine_openid_connect configuration：

Plugin version: 0.9.4
Redmine version: 5.0.5.stable

Hello.

I am having issues with this plugin. Everything seems to work fine until the moment I am logged in (a new user is successfully created in Redmine, the newly created used receives admin role, authentication in successful). After a successful login I am immediately redirected to logout. My Keycloak session is still active, I am only getting logged out from Redmine.

Plugin settings:

I would appreciate any input on this issue.

Logs:

redmine_1   | I, [2023-05-17T07:28:46.533244 #1]  INFO -- : Processing by AccountController#login as HTML
redmine_1   | I, [2023-05-17T07:28:46.560194 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.560714 #1]  INFO -- : Redirected to http://localhost:3000/oic/login
redmine_1   | I, [2023-05-17T07:28:46.560921 #1]  INFO -- : Completed 302 Found in 28ms (ActiveRecord: 6.5ms | Allocations: 4283)
redmine_1   | I, [2023-05-17T07:28:46.567223 #1]  INFO -- : Started GET "/oic/login" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.567704 #1]  INFO -- : Processing by AccountController#oic_login as HTML
redmine_1   | I, [2023-05-17T07:28:46.570586 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.573902 #1]  INFO -- : Redirected to https://our-keycloak-url.com/auth/realms/applications/protocol/openid-connect/auth?client_id=redmine&nonce=e83ef31b-f7d1-4d4d-b4dc-407de45be58e&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foic%2Flocal_login&response_type=code&scope=openid&state=9bf42a76-9e73-45d2-8ffa-65119b914506
redmine_1   | I, [2023-05-17T07:28:46.574044 #1]  INFO -- : Completed 302 Found in 6ms (ActiveRecord: 2.7ms | Allocations: 1080)
redmine_1   | I, [2023-05-17T07:28:46.595016 #1]  INFO -- : Started GET "/oic/local_login?state=9bf42a76-9e73-45d2-8ffa-65119b914506&session_state=7409ed4f-fcce-4b13-a992-92ba859c3cab&code=9c04bba5-3653-416f-99e1-c683261bd8da.7409ed4f-fcce-4b13-a992-92ba859c3cab.882cb313-ebd8-44ba-b152-bee176ea923e" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.595948 #1]  INFO -- : Processing by AccountController#oic_local_login as HTML
redmine_1   | I, [2023-05-17T07:28:46.596038 #1]  INFO -- :   Parameters: {"state"=>"9bf42a76-9e73-45d2-8ffa-65119b914506", "session_state"=>"7409ed4f-fcce-4b13-a992-92ba859c3cab", "code"=>"9c04bba5-3653-416f-99e1-c683261bd8da.7409ed4f-fcce-4b13-a992-92ba859c3cab.882cb313-ebd8-44ba-b152-bee176ea923e"}
redmine_1   | I, [2023-05-17T07:28:46.599480 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.681695 #1]  INFO -- : Successful authentication for 'redmineadmin' from 10.10.22.1 at 2023-05-17 07:28:46 UTC
redmine_1   | I, [2023-05-17T07:28:46.689111 #1]  INFO -- : Redirected to http://localhost:3000/my/page
redmine_1   | I, [2023-05-17T07:28:46.689325 #1]  INFO -- : Completed 302 Found in 93ms (ActiveRecord: 13.0ms | Allocations: 5912)
redmine_1   | I, [2023-05-17T07:28:46.694437 #1]  INFO -- : Started GET "/my/page" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.694972 #1]  INFO -- : Processing by MyController#page as HTML
redmine_1   | I, [2023-05-17T07:28:46.699302 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.739078 #1]  INFO -- :   Rendered my/page.html.erb within layouts/base (Duration: 37.5ms | Allocations: 17113)
redmine_1   | I, [2023-05-17T07:28:46.746544 #1]  INFO -- :   Rendered layout layouts/base.html.erb (Duration: 45.0ms | Allocations: 21100)
redmine_1   | I, [2023-05-17T07:28:46.746740 #1]  INFO -- : Completed 200 OK in 52ms (Views: 32.4ms | ActiveRecord: 14.6ms | Allocations: 22648)
redmine_1   | I, [2023-05-17T07:28:46.821913 #1]  INFO -- : Started GET "/oic/rpiframe" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.822500 #1]  INFO -- : Processing by AccountController#rpiframe as HTML
redmine_1   | I, [2023-05-17T07:28:46.829316 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.831790 #1]  INFO -- :   Rendered plugins/redmine_openid_connect/app/views/account/rpiframe.html.erb (Duration: 0.2ms | Allocations: 43)
redmine_1   | I, [2023-05-17T07:28:46.832225 #1]  INFO -- : Completed 200 OK in 10ms (Views: 1.0ms | ActiveRecord: 2.9ms | Allocations: 1298)
redmine_1   | I, [2023-05-17T07:28:46.889662 #1]  INFO -- : Started GET "/oic/local_logout" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.890141 #1]  INFO -- : Processing by AccountController#oic_local_logout as HTML
redmine_1   | I, [2023-05-17T07:28:46.896210 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.910221 #1]  INFO -- :   Rendered plugins/redmine_openid_connect/app/views/account/oic_local_logout.html.erb within layouts/base (Duration: 0.3ms | Allocations: 67)
redmine_1   | I, [2023-05-17T07:28:46.920746 #1]  INFO -- :   Rendered layout layouts/base.html.erb (Duration: 10.8ms | Allocations: 4608)
redmine_1   | I, [2023-05-17T07:28:46.920965 #1]  INFO -- : Completed 200 OK in 31ms (Views: 9.2ms | ActiveRecord: 15.3ms | Allocations: 6188)```

http://redmine_ip/oic/local_login?state=f69ed892-a89d-4feb-aafb-9b936680a27e&session_state=074641d7-9a10-4f55-ac72-88e0661d6cbd&code=8b8d29d7-f085-418f-8835-1e9b3f318815.074641d7-9a10-4f55-ac72-88e0661d6cbd.68ac5a80-d668-460a-9ded-023d90848723

Not Found

The requested URL was not found on this server.
redmine_openid_connect version :0.9.4
Redmine version version 4.1.1.stable

The OAuth scope is currently statically defined as openid profile email user_name. Some IdPs don't support every scope, so it would be nice to configure it.

After installing and set the plugin settings and enabling it, the redmine's normal login screen is shown when logging in, the plugin does not forward the call to the openid connect provider instead.

The spec states that end_session_endpoint only needs to be provided if the OP supports OIDC Discovery 1.0. Yet the plugin currently requires it for logout functionality (a nasty exception is thrown if the OP doesn't provide this value).

The plugin should instead verify if end_session_endpoint is supplied first, and only redirect there if it is (rather than assuming it is).

I have a session timeout implemented through Redmine's settings. When that timer ends, I get a "too many redirects" error on page refresh.
I used Keycloak

So if I set a user as administrator in the database, they are able to view the administrator panel and administer the site. However, if they login with OIDC (specifically using Keycloak), the database is changed and the user is set back to non admin.
The plugin seems to be writing to the database with each login.

This is only happening when logging in with OIDC, if the user logs in normally, the database isn´t touched and the user remains and administrator.

Hi,

I'm using this plugin to connect redmine & keycloak. Recently, I was informed an user cannot login redmine. After checking, the problem comes from the way we decode id_token

given this id_token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1OTY1MzIyNDUsImlhdCI6MTU5NjUyMjk3OSwiYXV0aF90aW1lIjoxNTk2NTIyOTc5LCJqdGkiOiIwZmRlNzRjNS1lYzBiLTQyZDUtODlhNS0zMDI1YzE1OWQ4NjAiLCJpc3MiOiJodHRwczovL3Nzby10ZXN0LmxvY2FsL2F1dGgvcmVhbG1zL2RlbW8iLCJhdWQiOiJyZWRtaW5lIiwic3ViIjoiMjFjMWRiYzQtM2M3MC00YzM3LTlkMWMtODM1OTBhMjZiNWNmIiwidHlwIjoiSUQiLCJhenAiOiJyZWRtaW5lIiwibm9uY2UiOiIyZWJjMjhiYi1lNTMyLTQxYWEtYTBkNS0xMzE0Yzg5MjlkMDciLCJzZXNzaW9uX3N0YXRlIjoiYjI2MjYxNmItNGNhNS00OGZiLWFkY2ItOTY2YzNhNTQwYzg0IiwiYWNyIjoiMSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwidXNlcl9uYW1lIjoibS5waGFtIiwibmFtZSI6IkPDqWRyaWMtSm_DqSBQT09UVEFSRU4iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJtLnBoYW0iLCJnaXZlbl9uYW1lIjoiQ8OpZHJpYy1Kb8OpIiwibWVtYmVyX29mIjpbInVzZXIiXSwiZmFtaWx5X25hbWUiOiJQT09UVEFSRU4iLCJlbWFpbCI6Im0ucGhhbUBlbWFpbC5jb20ifQ.dRblJ7Nex4TBEQH6UNatVnNbUJYW6N122IOSMcee3SA

the output is
{"exp":1596532245,"iat":1596522979,"auth_time":1596522979,"jti":"0fde74c5-ec0b-42d5-89a5-3025c159d860","iss":"https://sso-test.local/auth/realms/demo","aud":"redmine","sub":"21c1dbc4-3c70-4c37-9d1c-83590a26b5cf","typ":"ID","azp":"redmine","nonce":"2ebc28bb-e532-41aa-a0d5-1314c8929d07","session_state":"b262616b-4ca5-48fb-adcb-966c3a540c84","acr":"1","email_verified":false,"user_name":"m.pham","name":"Cédric-J`�H������T�S����Y�\��Y��\�\��[YH���K���[H��]�[�ۘ[YH�����Y��X�R���H�Y[X�\��و��ȝ\�\����[Z[�Wۘ[YH��������T�S��[XZ���K���[P�[XZ[
���H�

which is not a valid json

I see we already have a PR for the fix #27 - can you help to review & merge it ?

Thanks

Hi,

I'm trying to make this work on Redmine 4.2.3.stable but so far I keep hitting the following error:

Started GET "/oic/login?utf8=%E2%9C%93&back_url=%2F&login-openid=Login+with+SSO" for 10.42.1.88 at 2022-01-12 19:45:06 +0000
--
Wed, Jan 12 2022 7:45:06 pm | Processing by AccountController#oic_login as HTML
Wed, Jan 12 2022 7:45:06 pm | Parameters: {"utf8"=>"✓", "back_url"=>"/", "login-openid"=>"Login with SSO"}
Wed, Jan 12 2022 7:45:06 pm | Current user: anonymous
Wed, Jan 12 2022 7:45:06 pm | Completed 500 Internal Server Error in 50ms (ActiveRecord: 4.6ms)
Wed, Jan 12 2022 7:45:06 pm |  
Wed, Jan 12 2022 7:45:06 pm | NoMethodError (undefined method `+' for nil:NilClass):
Wed, Jan 12 2022 7:45:06 pm |  
Wed, Jan 12 2022 7:45:06 pm | plugins/redmine_openid_connect/app/models/oic_session.rb:187:in `authorization_url'
Wed, Jan 12 2022 7:45:06 pm | plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:49:in `oic_login'
Wed, Jan 12 2022 7:45:06 pm | lib/redmine/sudo_mode.rb:61:in `sudo_mode'

The config is in the right place and has the right details.
My best guess is that the config fetching part doesn't work anymore. Although i used to have it working on 4.2.0

Any ideas?

After cloning the project inside plugins folder and run bundle install command getting below error

Your Gemfile has no gem server sources. If you need gems that are not already on your machine, add a line like this to your Gemfile:
source 'https://rubygems.org'
Could not find gem 'httparty (~> 0.13.7)' in any of the gem sources listed in your Gemfile.

On redmine 3.4.4 after a successful plugin install and following your install procedure, I get this error:

Processing by SettingsController#plugin as HTML
  Parameters: {"id"=>"redmine_openid_connect"}
  Current user: admin (id=1)
  Rendered settings/plugin.html.erb within layouts/admin (4.5ms)
Missing template, responding with 404
  Rendered common/error.html.erb within layouts/base (1.0ms)
  Rendered plugins/scrum/app/views/scrum_hooks/_head.html.erb (0.3ms)
  Rendered plugins/scrum/app/views/scrum_hooks/_scrum_tips.html.erb (3.9ms)
Completed 404 Not Found in 52ms (Views: 22.4ms | ActiveRecord: 4.4ms)

Any idea how to fix?

Completed 500 Internal Server Error in 1448ms (ActiveRecord: 12.7ms)

ActiveRecord::StatementInvalid (PG::ProgramLimitExceeded: ERROR:  index row size 2752 exceeds maximum 2712 for index "index_oic_sessions_on_access_token"
HINT:  Values larger than 1/3 of a buffer page cannot be indexed.
Consider a function index of an MD5 hash of the value, or use full text indexing.
: UPDATE "oic_sessions" SET "access_token" = $1, "refresh_token" = $2, "expires_at" = $3, "updated_at" = $4 WHERE "oic_sessions"."id" = $5):

plugins/redmine_openid_connect/app/models/oic_session.rb:82:in `get_access_token!'
plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:82:in `oic_local_login'
lib/redmine/sudo_mode.rb:65:in `sudo_mode'

Any ideas how to fix this?

Hello, I am working on integrating a new Redmine installation with our existing Keycloak IdP, and I just finished fighting an annoying bug.

In my Keycloak server I had created a realm role called "admin" and assigned the proper users, and then in Redmine I had configured the "admin_group" setting as "admin", but still users login through OIDC connect were not assigned the administrator role inside Redmine. I verified that the "realm_access" claim was present in the generated JWT, but still Redmine seemed to ignore it. After some debugging, I think I found the cause.

In the file app/models/oic_session.rb, function check_keycloak_role:

def check_keycloak_role(role)
    # keycloak way...
    kc_is_in_role = false
    if user["realm_access"].present?
      kc_is_in_role = user["realm_access"]["roles"].include?(role)
    end
    if user["resource_access"].present? && user["resource_access"][client_config['client_id']].present?
      kc_is_in_role = user["resource_access"][client_config['client_id']]["roles"].include?(role)
    end
    return true if kc_is_in_role 
  end

So the function checks if the role is present in the "realm_access" claim, and then, whether it is present or not, checks if "resource_access" exists, and if so, overwrites the previously found value. My Keycloak server generates both, and thus the role present in "realm_access" was completely ignored.

I temporarily patched it on my server by the adding the following condition:

def check_keycloak_role(role)
    # keycloak way...
    kc_is_in_role = false
    if user["realm_access"].present?
      kc_is_in_role = user["realm_access"]["roles"].include?(role)
    end
    # skip the check if we already found the role
    if !kc_is_in_role and user["resource_access"].present? && user["resource_access"][client_config['client_id']].present?
      kc_is_in_role = user["resource_access"][client_config['client_id']]["roles"].include?(role)
    end
    return true if kc_is_in_role 
  end

Now my system works as intended, but I would like your opinion. In any case, thank you so much for your nice plugin!

If I set any session timeout in Redmine, users can initially log in properly, but after the session has expired, they experience an infinite loop in the browser.

This is the Redmine log when this occurs (backoffice.company.com is the Redmine root address):

Completed 200 OK in 9ms (Views: 0.5ms | ActiveRecord: 3.8ms)
Started GET "/oic/login" for 125.168.96.206 at 2018-09-11 10:50:55 -0300
Processing by AccountController#oic_login as HTML
Redirected to https://backoffice.company.com/oic/login
Filter chain halted as :session_expiration rendered or redirected
Completed 302 Found in 7ms (ActiveRecord: 2.1ms)
Started GET "/oic/login" for 125.168.96.206 at 2018-09-11 10:50:57 -0300
Processing by AccountController#oic_login as HTML
Redirected to https://backoffice.company.com/oic/login
Filter chain halted as :session_expiration rendered or redirected
Completed 302 Found in 7ms (ActiveRecord: 2.3ms)
Started GET "/oic/login" for 125.168.96.206 at 2018-09-11 10:50:59 -0300
Processing by AccountController#oic_login as HTML
Redirected to https://backoffice.company.com/oic/login
Filter chain halted as :session_expiration rendered or redirected
Completed 302 Found in 8ms (ActiveRecord: 2.4ms)
Started GET "/oic/login" for 125.168.96.206 at 2018-09-11 10:51:16 -0300
Processing by AccountController#oic_login as HTML
Redirected to https://backoffice.company.com/oic/login
Filter chain halted as :session_expiration rendered or redirected
Completed 302 Found in 20ms (ActiveRecord: 2.3ms)
Started GET "/oic/login" for 125.168.96.206 at 2018-09-11 10:51:18 -0300
Processing by AccountController#oic_login as HTML
Redirected to https://backoffice.company.com/oic/login
Filter chain halted as :session_expiration rendered or redirected
Completed 302 Found in 7ms (ActiveRecord: 2.1ms)

Any ideas on what could be happening?

Cheers,

example: unauthenticated user points to http://example.domain/issues/5509
the plugin authenticates user without problems, but the browser then redirects to .../my/pages insted of the original request...

any idea ?

After I logd in with sso the plugin redirects me to the localhost:3000.

custom user_name scope is not based to the openid connect standard.
Insted, user_name should be changed to use nickname or preferred_username claims, and remove the scope from the query (both of these claims return inside the standard profile given through the id_token, without any additional scope request)

with these modifications, any standard openid connect provider should work by the book if the given username matches the requirements of redmine (no spaces etc).

http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

Hello, everyone,
I installed the OpenIdConnect plugin on Redmine 4.0.3 inside a Docker container starting from the basic image of Redmine.
After having extracted the plugin inside the homonymous folder I'm asked to install the Json 1.8 version instead of the default one that is 2.2. After doing this I get back an error that indicates the lack of dependencies for the make command and the gcc compiler. I install them and finally run the command "bundle install".
From now on Redmine doesn't work anymore.
I really need to make the plugin work on Redmine 4.0.3, can you help me?
Thanks in advance.

how to setting value of Setting.protocol + "://" + Setting.host_name use env?

The RP iframe code is sending incorrectly formatted messages to the SSO provider,
which leads to the response that the state has "changed". This forces a logout.

As per the RPiframe spec the message sent should be Client ID + " " + Session State.

PR is here PR#33

Some OIDC providers send the name claim but not given_name and family_name. The plugin should detect this case and try to split out the name into first and last name for user creation instead of failing. As a backstop, it should set the first and last name to empty strings.

Here's a short trace:

NoMethodError in AccountController#oic_login 
undefined method `<' for nil:NilClass
plugins/redmine_openid_connect/app/models/oic_session.rb:208:in `expired?'
plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:50:in `oic_login'
lib/redmine/sudo_mode.rb:63:in `sudo_mode'

The expires_at setting looks like this:

      self.expires_at = (DateTime.now + response["expires_in"].seconds) if response["expires_in"].present?

If expires_in is not present, an exception is thrown the next time the user tries to log in.

According to the spec, expiries_in is an optional response value:

expires_in
OPTIONAL. Expiration time of the Access Token in seconds since the response was generated.

I actually get an exception in the error handling code where it doesn't have a user login to display. But this all is due to the user_info not containing any of: user_name, nickname or preferred_username used at https://github.com/devopskube/redmine_openid_connect/blob/master/lib/redmine_openid_connect/account_controller_patch.rb#L96 as the login username.

A sample user_info object as returned by Google looks like this (I have replaced actual info with <descriptions>):

{
  "sub"=>"<SOME BIG NUMBER>",
  "name"=>"<FULL NAME>",
  "given_name"=>"<FIRST NAME>",
  "family_name"=>"<LAST NAME>",
  "profile"=>"https://plus.google.com/<SOME BIG NUMBER>",
  "picture"=>"https://lh3.googleusercontent.com/a-/<SOME BIG ID>",
  "email"=>"<EMAIL>",
  "email_verified"=>true,
  "locale"=>"en",
  "hd"=>"<MY DOMAIN>"
}

The actual error I get in the logs looks like this:

Started GET "/oic/local_login?state=<REDACTED>&scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=<REDACTED>&prompt=none" fo
r <REDACTED> at 2021-02-09 14:41:44 +0000
Processing by AccountController#oic_local_login as HTML
  Parameters: {"state"=>"<REDACTED>", "code"=>"<REDACTED>", "scope"=>"email profile openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email", "authuser"=>"0", "hd"=>"<REDACTED>", "prompt"
=>"none"}
  Current user: anonymous
Completed 500 Internal Server Error in 229ms (ActiveRecord: 11.2ms)

I18n::MissingInterpolationArgument (missing interpolation argument :value in "Could no create the user %{value}: " ({:count=>nil} given)):

lib/redmine/i18n.rb:36:in `l'
plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:128:in `oic_local_login'
lib/redmine/sudo_mode.rb:65:in `sudo_mode'

I've also tried different combinations of the email, profile and openid scopes in the settings (comma separated as mentioned next to the field).

I worked around this by adding an || user_info["email"] at the of of the .login = options but I have no idea if this causes any other unintended side effect hence I did not send a PR.

1.redmine can jump to keycloak

2. Login error： invalid username or password Try logging in with another account

http://ip:port/oic/local_login?state=3d1a4a65-039f-4796-9a9d-b139d3d562c4&session_state=687168fc-895d-4448-8e7a-5c0d1623ec2b&code=786be700-5291-477f-b53f-f65012154145.687168fc-895d-4448-8e7a-5c0d1623ec2b.5c905e72-e784-437f-80ba-3c6e21257a7e

3. Click：Try logging in with another account

4. You have been logged out. Click here to log in again.

http://ip:port/auth/realms/redmine2/protocol/openid-connect/login-status-iframe.html/init?client_id=redmine2&origin=http://10.249.3.15:8030

6. You are not authorized to view this page.

Hi,

I wonder if this plugin is compatible with Keycloak 12.0.4 version?

I have followed that guide http://devopsku.be/setup/redmine-keycloak/ and some parts can't be configured the same way as on the screenshots in the guide.

https://prnt.sc/12f60oy - keycloak main setttings; https://prnt.sc/12f614j - roles ; https://prnt.sc/12f61lv - mappers ; https://prnt.sc/12f64rd - redmine configuration.

In scope tab, if Full Scope Allowed is enabled there is no other options you can set. If you disable it - https://prnt.sc/12f622e it can't be saved.

In the end, I am getting this - oic/local_login?error=invalid_request&error_description=Invalid+scopes%3A+&state=xxxxx and empty redmine page.

Can someone help and advice if there is other way to configure it correctly?

Hello,

I am running Redmine 5.0.4.stable (docker hub official image). I have installed redmine_openid_connect version 0.9.4 and configured a Keycloak instance for OpenID Connect SSO. I have checked the Keycloak JWT generated token and it contains every attributed described in the README. After I authenticate my user I get Internal error and redmine logging (debug) outputs:

I, [2023-01-17T09:47:48.703454 #1] INFO -- : Completed 500 Internal Server Error in 30ms (ActiveRecord: 2.9ms | Allocations: 2442)
F, [2023-01-17T09:47:48.704098 #1] FATAL -- :
JSON::ParserError (859: unexpected token at ''):

plugins/redmine_openid_connect/app/models/oic_session.rb:125:in get_user_info!' plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:83:in oic_local_login'
lib/redmine/sudo_mode.rb:61:in `sudo_mode'

What can I do further to overcome this issue? If necessary I can provide extra information if necessary.

Thanks,
Silviu.

My full environment:

Environment:
Redmine version 5.0.4.stable
Ruby version 3.1.3-p185 (2022-11-24) [x86_64-linux]
Rails version 6.1.7
Environment production
Database adapter PostgreSQL
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Default
SCM:
Subversion 1.14.1
Mercurial 5.6.1
Bazaar 3.1.0
Git 2.30.2
Filesystem
Redmine plugins:
redmine_openid_connect 0.9.4

As far as I can tell, "user_name" is not a standard OIDC claim. The plugin currently requires this claim to be present, or the user can't be generated.

At the very least, both claims should be tried to find a value rather than simply failing to create the user.

If one uses admin group to grant a user admin permissions this will be set once and never updated again. hence if the user gets its admin role revoked in the IDP the user will still have admin rights in redmine,

Hi,
With postgres, when deleting a user added via OIC, I get an error

update or delete on table "users" violates foreign key constraint "fk_rails_fb3c08edd2" on table "oic_sessions"

An on delete casacde on the foreign key fix the issue

alter table oic_sessions drop constraint fk_rails_fb3c08edd2;
alter table oic_sessions add constraint fk_rails_fb3c08edd2 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;

Many thanks
Joris

Redmine version 4.2.4.stable
Ruby version 2.7.5-p203 (2021-11-24) [x86_64-linux]
Rails version 5.2.6.2
Database adapter PostgreSQL
redmine_openid_connect 0.9.4

Which version of Redmine does this plugin support?
It already supports Redmine v4.0.0?

Hello

I have some trouble making the plugin work. I have the following error :

Processing by AccountController#oic_login as HTML
   (0.9ms)  SELECT MAX("settings"."updated_on") FROM "settings"
  AnonymousUser Load (0.9ms)  SELECT  "users".* FROM "users" WHERE "users"."type" IN ('AnonymousUser')  ORDER BY "users"."id" ASC LIMIT 1
  Current user: anonymous
   (0.4ms)  BEGIN
  SQL (0.6ms)  INSERT INTO "oic_sessions" ("created_at", "updated_at", "state", "nonce") VALUES ($1, $2, $3, $4) RETURNING "id"  [["created_at", "2017-12-15 20:56:16.409099"], ["updated_at", "2017-12-15 20:56:16.409099"], ["state", "899bd2a7-49e6-4ac0-bfc7-a6f33e64e462"], ["nonce", "d4205b19-059c-43ae-887f-0398a8533296"]]
   (2.5ms)  COMMIT
Completed 500 Internal Server Error in 14ms (ActiveRecord: 5.3ms)

NoMethodError (undefined method `+' for nil:NilClass):
  plugins/redmine_openid_connect/app/models/oic_session.rb:153:in `authorization_url'
  plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:61:in `oic_login'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'

I use a local Keycloak OIDC provider and I provided this URL in the plugin configuration page :

Any idea ?

Hello everyone i added to plugin to my plugins list but when i tried to configure it i get 404 interface anyone have any ideas ?
Thank you in advance
PS : DOCKER environment

I18n::MissingInterpolationArgument (missing interpolation argument :value in "Could not create the user %{value}: " ({:count=>nil} given)):

lib/redmine/i18n.rb:36:in l' plugins/redmine_openid_connect/lib/redmine_openid_connect/account_controller_patch.rb:133:in oic_local_login'
lib/redmine/sudo_mode.rb:61:in `sudo_mode'
Started GET "/oic/local_login?code=-RoKZNtTN2_fz3J-XW08M_b_xU433M-nKrJwNRumuC4&state=0b49e273-5842-462e-9cf5-116a52d757ca" for 146.107.124.99 at 2022-02-02 13:18:45 +0100
Processing by AccountController#oic_local_login as HTML
Parameters: {"code"=>"-RoKZNtTN2_fz3J-XW08aeafavdzObadfUDC-nKrJwNRumuC4", "state"=>"0b49e273-5842-345f-9cf5-116a52d757ca"}
Current user: anonymous
Completed 500 Internal Server Error in 801ms (ActiveRecord: 7.2ms)

I have integrated keycloak with redmine using this plugin. Users are able to log in via keycloak SSO. But, when try to login from Redmine direct login using the same password used to log through SSO not work. Hope you understand the issue. Any support in this is highly appreciated.
Thank you.

Hi all,

Was anybody able to successfully config a MS Azure IDP? I could get the auth process to work but not to add the user property "administrator" to the respective user. MS Azure does not include "member_of" in the id_token and it's also not possible to add it in the "app registration", instead there's "groups". So i replaced every occurrence of "member_of" in the file "oic_session.rb" through "groups". But that didn't work. Any ideas how to fix that?

And what needs to be done, that the user gets automatically created in redmine after a successful login?

Thanks,

Keycloak is currently a very popular IDP/IAM solution, it would be nice to have seamless support of its accesstoken structure, etc

Feature Request.
After IPD login one would expect that the site originally requested will show up. But this information is lost, after login.
E.g. clicking on an issue from an email, one will be redirected to 'Home' instead of the issue initially clicked.

My environment is Redmine version 4.0.2.stable. We would like support by all means because we want to do SSO by OpenID Connect.

# bundle exec rake redmine:plugins:migrate RAILS_ENV=production
rake aborted!
NoMethodError: undefined method `alias_method_chain' for ApplicationController:Class
Did you mean?  alias_method
/opt/bitnami/apps/redmine/htdocs/plugins/redmine_openid_connect/lib/redmine_openid_connect/application_controller_patch.rb:7:in `block in included'
/opt/bitnami/apps/redmine/htdocs/plugins/redmine_openid_connect/lib/redmine_openid_connect/application_controller_patch.rb:6:in `class_eval'
/opt/bitnami/apps/redmine/htdocs/plugins/redmine_openid_connect/lib/redmine_openid_connect/application_controller_patch.rb:6:in `included'
/opt/bitnami/apps/redmine/htdocs/plugins/redmine_openid_connect/init.rb:18:in `include'
/opt/bitnami/apps/redmine/htdocs/plugins/redmine_openid_connect/init.rb:18:in `block in <top (required)>'
/opt/bitnami/apps/redmine/htdocs/config/environment.rb:14:in `<top (required)>'
Tasks: TOP => redmine:plugins:migrate => environment
(See full trace by running task with --trace)

These commits exist only in develop branch not in master.
8103ed0
7d67535
cbc6beb

@triplem Could you clarify the current branching strategy?

I'm having an issue installing this plugin once I try running the plugin migrations using rake after cloning this repo into the plugins folder and running bundle install.

root@redmine-76569c8887-6qbg9:/opt/bitnami/redmine# bundle exec rake redmine:plugins:migrate RAILS_ENV=production
rake aborted!
LoadError: cannot load such file -- redmine_openid_connect/application_controller_patch
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.1/lib/zeitwerk/kernel.rb:35:in `require'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.1/lib/zeitwerk/kernel.rb:35:in `require'
/opt/bitnami/redmine/plugins/redmine_openid_connect/init.rb:2:in `<top (required)>'
/opt/bitnami/redmine/lib/redmine/plugin_loader.rb:31:in `load'
/opt/bitnami/redmine/lib/redmine/plugin_loader.rb:31:in `run_initializer'
/opt/bitnami/redmine/lib/redmine/plugin_loader.rb:108:in `each'
/opt/bitnami/redmine/lib/redmine/plugin_loader.rb:108:in `block in load'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:427:in `instance_exec'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:427:in `block in make_lambda'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:604:in `block (2 levels) in default_terminator'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:603:in `catch'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:603:in `block in default_terminator'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:199:in `block in halting'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:512:in `block in invoke_before'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:512:in `each'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:512:in `invoke_before'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:105:in `run_callbacks'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/reloader.rb:88:in `prepare!'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/application/finisher.rb:124:in `block in <module:Finisher>'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/initializable.rb:32:in `instance_exec'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/initializable.rb:32:in `run'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/initializable.rb:61:in `block in run_initializers'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/initializable.rb:60:in `run_initializers'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/application.rb:391:in `initialize!'
/opt/bitnami/redmine/config/environment.rb:16:in `<top (required)>'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.1/lib/zeitwerk/kernel.rb:35:in `require'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.1/lib/zeitwerk/kernel.rb:35:in `require'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/dependencies.rb:332:in `block in require'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/dependencies.rb:299:in `load_dependency'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/dependencies.rb:332:in `require'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/application.rb:367:in `require_environment!'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/railties-6.1.7/lib/rails/application.rb:533:in `block in run_tasks_blocks'
/opt/bitnami/redmine/vendor/bundle/ruby/3.0.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/opt/bitnami/ruby/bin/bundle:25:in `load'
/opt/bitnami/ruby/bin/bundle:25:in `<main>'
Tasks: TOP => redmine:plugins:migrate => environment
(See full trace by running task with --trace)

Using the bitnami helm chart for redmine version 5.0.3.

I installed the openid connect plugin
when I click on sso login I get
http://10.249.32.22:3000/oic/login?utf8=%E2%9C%93&back_url=%2F&login-openid=Login+with+SSO
Page not found

I have verified my redirect url

I am doing this on ubuntu 22.04
redmine 5.0.1

, [2022-06-01T19:10:32.449572 #1245] INFO -- : [2666f2ab-b803-4b2a-ae90-a1a9febc040e] Started GET "/oic/login?utf8=%E2%9C%93&back_url=%2F&login-openid=Login+with+SSO" for 10.249.8.2 at 2022-06-01 19:10:32 +0000
F, [2022-06-01T19:10:32.454154 #1245] FATAL -- : [2666f2ab-b803-4b2a-ae90-a1a9febc040e]
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] AbstractController::ActionNotFound (The action 'oic_login' could not be found for AccountController
Did you mean? require_login
check_if_login_required
autologin_cookie_name
try_to_autologin):
[2666f2ab-b803-4b2a-ae90-a1a9febc040e]
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/abstract_controller/base.rb:160:in process' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionview (6.1.6) lib/action_view/rendering.rb:39:in process'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_controller/metal.rb:190:in dispatch' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_controller/metal.rb:254:in dispatch'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/routing/route_set.rb:50:in dispatch' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/routing/route_set.rb:33:in serve'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/journey/router.rb:50:in block in serve' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/journey/router.rb:32:in each'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/journey/router.rb:32:in serve' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/routing/route_set.rb:842:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/tempfile_reaper.rb:15:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/etag.rb:27:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/conditional_get.rb:27:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/head.rb:12:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/http/permissions_policy.rb:22:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/http/content_security_policy.rb:19:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/session/abstract/id.rb:266:in context' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/session/abstract/id.rb:260:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/cookies.rb:689:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/callbacks.rb:27:in block in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] activesupport (6.1.6) lib/active_support/callbacks.rb:98:in run_callbacks' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/callbacks.rb:26:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/debug_exceptions.rb:29:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/show_exceptions.rb:33:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] railties (6.1.6) lib/rails/rack/logger.rb:37:in call_app'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] railties (6.1.6) lib/rails/rack/logger.rb:26:in block in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] activesupport (6.1.6) lib/active_support/tagged_logging.rb:99:in block in tagged'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] activesupport (6.1.6) lib/active_support/tagged_logging.rb:37:in tagged' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] activesupport (6.1.6) lib/active_support/tagged_logging.rb:99:in tagged'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] railties (6.1.6) lib/rails/rack/logger.rb:26:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/remote_ip.rb:81:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] request_store (1.5.1) lib/request_store/middleware.rb:19:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/request_id.rb:26:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/method_override.rb:24:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/runtime.rb:22:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] activesupport (6.1.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/executor.rb:14:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/static.rb:24:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/sendfile.rb:110:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] rack (2.2.3.1) lib/rack/content_length.rb:17:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] actionpack (6.1.6) lib/action_dispatch/middleware/host_authorization.rb:142:in call'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] railties (6.1.6) lib/rails/engine.rb:539:in call' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:107:in process_request'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:149:in accept_and_process_next_request' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:110:in main_loop'
[2666f2ab-b803-4b2a-ae90-a1a9febc040e] /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in block (3 levels) in start_threads' [2666f2ab-b803-4b2a-ae90-a1a9febc040e] /usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in block in create_thread_and_abort_on_exception'