Environment
  • lua-resty-openidc : v1.7.5
  • OpenID Connect provider: Keycloak
This is what I'm doing

For info, I'm using it on our ingress-nginx-controller, with the entire content copied from /usr/local/openresty/lualib/resty to /etc/nginx/lua/. When the UI endpoint (i.e. https://ingress.myproject.local/myui) is called, it is supposed to redirect the connection to Keycloak. I have a client called myui under the master realm in Keycloak.

This is my current code
location ~* "^/myui(/|$)(.*)" {
  .....
  .....
  access_by_lua_block {
      local opts = {
          redirect_uri = "/redirect_uri",
          accept_none_alg = true,
          discovery = "http://keycloak.myproject.local:8080/auth/realms/master/.well-known/openid-configuration",
          client_id = "myui",
          client_secret = "ABCDEFgHIJKLMnOPQRSTuVWXYZ",
          redirect_uri_scheme = "https",
          logout_path = "/logout",
          redirect_after_logout_uri = "http://keycloak.myproject.local:8080/auth/realms/master/protocol/openid-connect/logout?redirect_uri=https://ingress.myproject.local/myui/",
          redirect_after_logout_with_id_token_hint = false,
          session_contents = {id_token=true}
      }
      -- start the OpenID Connect authentication flow (redirects to the provider when there is no session)
      local res, err = require("resty.openidc").authenticate(opts)
      if err then
          ngx.status = 403
          ngx.say(err)
          ngx.exit(ngx.HTTP_FORBIDDEN)
      end
  }

  expires       0;
  add_header    Cache-Control private;
  }
}
This is what I get

Upon running, I get 500 Internal Server Error on the browser, with the error msg:

[error] 549#549: *123249 lua entry thread aborted:  run time error: /etc/nginx/lua/resty/openidc.lua:1459: attempt to call field 'start' (a nil value)
stack traceback:
coroutine 0:
     /etc/nginx/lua/resty/openidc.lua: in function 'authenticate' 
     access_by_lua(nginx.conf:1075): 16: in main chunk, client xx.xx.xx.xx , server:  ingress.myproject.local, request: "GET /myui HTTP/2.0", host: "ingress.myproject.local"

I don't see anything significant in the log related to that. Any idea why I'm getting this or what I am doing wrong?

-S

MacUsers

1 Answer


The documentation for https://github.com/zmartzone/lua-resty-openidc says:

You will need to install two extra pure-Lua dependencies that implement session management and HTTP client functions:

It would appear that you didn't install lua-resty-session. The error you're getting is because r_session is nil, which was defined as local r_session = require("resty.session").

  • I have `/etc/nginx/lua/resty/session.lua` present - is it not enough? – MacUsers May 12 '22 at 17:32
  • @MacUsers Is /etc/nginx/lua in your package.path? Did you put the session directory there too? – Joseph Sible-Reinstate Monica May 12 '22 at 17:35
  • okay, I see the `session` directory and `http` are actually missing. I'm putting that in now and will feed back shortly. – MacUsers May 12 '22 at 17:54
  • hi there! sorry for the late reply. Now I have all `session` directory and all of the `http` luas as well but still failing with exactly the same error. The _PATH_ wise it should be okay, otherwise it wouldn't find `openidc.lua` in the first place, right? – MacUsers May 13 '22 at 08:06
  • I'm running out of ideas: cannot figure out at all what's going wrong. Any other thoughts from anyone pls? – MacUsers May 13 '22 at 19:50
  • Any Lua/Nginx expert out here to help pls? I tried whatever I could, making sure `session`, `http` are present with all the necessary directories etc. but still no joy. I have to look for some alternative if I don't make any progress today. Any help will be really appreciated. – MacUsers May 16 '22 at 13:46
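
An added diagnostic for the error discussed in this thread (not code from the original post, the answer, or the lua-resty-openidc project): it reports which file `require` resolves a module to on `package.path` and whether the loaded module exposes the function being called, here `start` on `resty.session`. The `probe` helper and the `demo.*` module names are hypothetical, and the stand-in modules are constructed so the snippet also runs outside nginx.

```lua
-- Added example: check where a module resolves from and whether it has the
-- functions the caller needs. Works under LuaJIT/OpenResty and plain Lua.
local function probe(modname, required_fields)
    local report = { module = modname, missing = {} }

    -- File the Lua loader would pick from package.path (nil when the module is
    -- preloaded, a C module, or not on the path). Not available in Lua 5.1.
    if package.searchpath then
        report.file = package.searchpath(modname, package.path)
    end

    local ok, mod = pcall(require, modname)
    if not ok then
        report.status = "require failed"
        report.error = tostring(mod)
        return report
    end
    if type(mod) ~= "table" then
        -- a module file that returns nothing makes require() yield true
        report.status = "loaded, but not a table (" .. type(mod) .. ")"
        return report
    end
    for _, field in ipairs(required_fields) do
        if type(mod[field]) ~= "function" then
            report.missing[#report.missing + 1] = field
        end
    end
    report.status = (#report.missing == 0) and "ok" or "missing functions"
    return report
end

-- Constructed stand-ins so the three outcomes can be seen without nginx.
package.preload["demo.session_good"] = function() return { start = function() end } end
package.preload["demo.session_stub"] = function() return { _VERSION = "constructed" } end

for _, name in ipairs({ "demo.session_good", "demo.session_stub", "demo.not_installed" }) do
    local r = probe(name, { "start" })
    print(name, r.status, r.file or "(no file on package.path)",
          "missing: " .. table.concat(r.missing, ","))
end

-- Inside access_by_lua_block, the same check against the real modules would be:
--   local r = probe("resty.session", { "start" })
--   ngx.log(ngx.ERR, r.module, " -> ", r.file or "?", " : ", r.status)
```

A status of "missing functions" with a file path shows that a `resty/session.lua` was found and loaded but does not provide `start`, which points at the copy of the file on the path rather than at `package.path` itself.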