CodeIgniter OpenID ERR_SSL_PROTOCOL_ERROR


I am trying to implement Jumbojett OpenID authentication on my Linux CentOS 9 server. This is my login controller (welcome.php) code:

public function login_sso()
{
    if (!$this->session->userdata('USERNIP')) {
        $oidc = new OpenIDConnectClient(
            $this->config->item('SSO_PROVIDER_URL'),
            $this->config->item('SSO_CLIENT_ID'),
            $this->config->item('SSO_CLIENT_SECRET')
        );
        $isAuthenticate = $oidc->authenticate();
        if ($isAuthenticate) {
            $user = $this->M_welcome->get_login_complete_sso($oidc->requestUserInfo('preferred_username'));
            [$akses, $akses_lengkap, $role_id] = $this->M_welcome->get_user_access($user[0]->PEGAWAIID, $oidc->requestUserInfo('preferred_username'), $user[0]->JENISPEGAWAIID);
            $data_session = array(
                'USERLOGIN' => $oidc->requestUserInfo('email'),
                'SSO_ID_TOKEN' => $oidc->getIdToken()
            );

            $this->session->set_userdata($data_session);

            redirect('user/profil/');
        }
    }
}

This is my .htaccess code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    # Submitted by: ElliotHaughin

    ErrorDocument 404 /index.php
</IfModule>

And this is my base_url (censored to mysite.go.id) in config.php:

$config['base_url'] = 'https://mysite.go.id/';

When I open my web application in the browser, it goes smoothly until I use my user credentials to log in (username & password), and then it redirects to a page that says:

This site can’t provide a secure connection mysite.go.id sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

The URL of that page seems to point at https://mysite.go.id:80/welcome/login_sso?state=6ea6c4c6f8538538621ed21fffa8e78c&session_state=1a223a56-9dba-447e-b6ed-9d79486420c9&code=18a981c1-d5a7-4ce2-8db7-4181244e4194.1a223a56-9dba-447e-b6ed-9d79486420c9.33e0c97f-f14d-4955-b0f1-863256cacd03. I don't set the redirection port to 80, but it looks like it redirects to port 80 when the default port for SSL should be 443. I suspect this is the problem, though I don't know how to fix it. Prior to using OpenID authentication (normal login with a local DB) it worked smoothly and I got no related SSL error. But when I use OpenID authentication I keep getting this error. Please help me, what is wrong?


There are 3 best solutions below

0
Codeboy Newbie On BEST ANSWER

Apparently it's a bug in the OpenID library itself, based on this reference, specifically in OpenIDConnectClient.php, where $_SERVER['SERVER_PORT'] will automatically add port 80 to the redirect if it's not converted to an integer.
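
The string-versus-integer port problem this answer describes, as an added example that is not the library's code and not part of the original answer. The helper `build_redirect_url()`, the `$server` array standing in for `$_SERVER`, and the setup where TLS is terminated in front of a backend listening on port 80 are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helper, not the library's implementation.
// $server stands in for $_SERVER; all values below are constructed.

function build_redirect_url(array $server, bool $castPort): string
{
    $https = (isset($server['HTTPS']) && $server['HTTPS'] !== '' && $server['HTTPS'] !== 'off')
        || (($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https');
    $scheme = $https ? 'https' : 'http';

    // PHP populates $_SERVER values as strings, so SERVER_PORT is "80", not 80.
    $port = $server['SERVER_PORT'] ?? ($https ? 443 : 80);
    if ($castPort) {
        $port = (int) $port;
    }

    // Strict comparison: the string "80" is not identical to the integer 80,
    // so without the cast the default port is treated as non-default
    // and appended to the URL, even when the scheme is https.
    $suffix = ($port === 443 || $port === 80) ? '' : ':' . $port;

    // Drop the query string; only the callback path belongs in the redirect URL.
    $path = strtok($server['REQUEST_URI'] ?? '/', '?');

    return $scheme . '://' . $server['SERVER_NAME'] . $suffix . $path;
}

// Constructed request (assumption): HTTPS at the edge, plain HTTP on port 80 behind it.
$server = [
    'HTTP_X_FORWARDED_PROTO' => 'https',
    'SERVER_NAME'            => 'mysite.go.id',
    'SERVER_PORT'            => '80',
    'REQUEST_URI'            => '/welcome/login_sso?state=example',
];

// Without the cast, the URL carries ":80" on an https scheme.
echo build_redirect_url($server, false), PHP_EOL;

// With the cast, the default port is recognised and omitted.
echo build_redirect_url($server, true), PHP_EOL;
```

Independently of the cast, calling the client's `setRedirectURL()` with the HTTPS callback URL registered at the provider before `authenticate()` means the redirect is not derived from request variables at all.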

1
nulluuid On

Don't use CentOS in 2024

The CentOS Project will discontinue updates and releases of CentOS Linux between 2021 and 2024. As a result, CentOS Linux users must migrate to a new operating system to continue receiving updates, patches, and new features. This presents an opportunity to reassess your organization’s needs and migrate to a platform that will support your business now and in the future.

CentOS Stream is a continuously delivered distribution that lets open source community members contribute to Red Hat® Enterprise Linux in tandem with Red Hat developers. CentOS Stream may seem like a natural choice to replace CentOS Linux, but it is not designed for production use. It is intended as a development platform for Red Hat partners and others that want to participate and collaborate in the Red Hat Enterprise Linux ecosystem. Consequently, running CentOS Stream in production environments presents many challenges compared to enterprise-ready distributions like Red Hat Enterprise Linux.

More information

0
b126 On

What is the content of SSO_PROVIDER_URL? I assume a proper SSL provider? It's not possible to have an SSL URI on port :80.

In the meantime, try the following code:

$oidc = new OpenIDConnectClient(
    $this->config->item('SSO_PROVIDER_URL'),
    $this->config->item('SSO_CLIENT_ID'),
    $this->config->item('SSO_CLIENT_SECRET')
);
//$oidc->setVerifyHost(false);
//$oidc->setVerifyPeer(false);
$oidc->setHttpUpgradeInsecureRequests(false);
$oidc->authenticate();

Uncomment the two commented lines if the third one is not sufficient.