Unable to log into Authelia Portal

This issue was created on 2021-11-18.

Hi,

I'm having an issue with my Authelia deployment in that I am unable to log into the portal to register a device for a user.
I'm on version v4.32.2 with NGINX. I can see the authentication attempt is successful; however, NGINX redirects me back to the login prompt.

Below is the code for NGINX and Authelia.

Any help appreciated!

Authelia Config

```yaml
host: 0.0.0.0
port: 9091
log:
  level: debug
  format: text
  file_path: /config/authelia.log
  keep_stdout: false
jwt_secret: REMOVED
default_redirection_url: https://millsyauth.theworkpc.com/
totp:
  issuer: authelia.com
  period: 30
  skew: 1

duo_api:
  hostname: api-da6508f4.duosecurity.com
  integration_key: REMOVED
  secret_key: REMOVED

authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml # Make sure this file exists
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64

access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain:
        - "millsyauth.theworkpc.com"
      policy: bypass
      networks:
        - 0.0.0.0/0
    - domain: # Proxies needing 2 factor below
        - "millsyfrontend.theworkpc.com"
      policy: two_factor
      networks:
        - 0.0.0.0/0

session:
  name: authelia_session

  secret: REMOVED
  expiration: 3600 # 1 hour
  inactivity: 7200 # 2 hours
  domain: theworkpc.com # Needs to be your root domain

  redis:
    host: authelia_redis_1
    port: 6379

    #password: auth

regulation:
  max_retries: 5
  find_time: 120
  ban_time: 300

storage:
  local:
    path: /config/db.sqlite3

notifier:

  filesystem:
    filename: /config/notification.txt
    find_time: 2m
    ban_time: 10m

theme: dark # options: dark, light

storage:
  local:
    path: /config/db.sqlite3

notifier:
  filesystem:
    filename: /config/notification.txt
```

NGINX Config

```nginx
server {
    server_name millsyauth.theworkpc.com;
    listen 80;
    return 301 https://$server_name$request_uri;
}

server {
    server_name millsyauth.theworkpc.com;
    listen 443;

    ssl_certificate           /etc/letsencrypt/live/millsyauth.theworkpc.com/cert.pem;
    ssl_certificate_key       /etc/letsencrypt/live/millsyauth.theworkpc.com/privkey.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        set $upstream_authelia http://127.0.0.1:9091;
        proxy_pass $upstream_authelia;

        client_body_buffer_size 128k;

        # Timeout if the real server is dead
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

        # Advanced Proxy Config
        send_timeout 5m;
        proxy_read_timeout 360;
        proxy_send_timeout 360;
        proxy_connect_timeout 360;

        # Basic Proxy Config
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_redirect  http://  $scheme://;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_cache_bypass $cookie_session;
        proxy_no_cache $cookie_session;
        proxy_buffers 64 256k;

        # If behind reverse proxy, forwards the correct IP
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.0.0.0/8;
        set_real_ip_from 192.168.0.0/16;
        set_real_ip_from fc00::/7;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
    }

}
```

nightah wrote this answer on 2021-11-23

Can you please provide the Authelia logs when you are simulating the scenario?

Do you have any addons that are preventing cookies from being set?

millsy2000 wrote this answer on 2021-11-24

See the logs below.
Nothing that I am aware of would stop cookies; I have tried on multiple devices.

```
time="2021-11-24T15:24:24+11:00" level=trace msg="Replied (status=401)" method=GET path=/api/verify remote_ip=165.225.232.86
time="2021-11-24T15:24:24+11:00" level=trace msg="Request hit" method=GET path=/ remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Replied (status=200)" method=GET path=/ remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Request hit" method=GET path=/static/js/index.829172be.js remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/js/index.829172be.js remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Request hit" method=GET path=/static/css/index.393eb37d.css remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/css/index.393eb37d.css remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Request hit" method=GET path=/static/js/vendor.d0bc79df.js remote_ip=203.6.185.18
time="2021-11-24T15:24:24+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/js/vendor.d0bc79df.js remote_ip=203.6.185.18
time="2021-11-24T15:24:25+11:00" level=trace msg="Request hit" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:24:25+11:00" level=trace msg="Replied (status=200)" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:24:25+11:00" level=trace msg="Request hit" method=GET path=/manifest.json remote_ip=203.6.185.18
time="2021-11-24T15:24:25+11:00" level=trace msg="Replied (status=200)" method=GET path=/manifest.json remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=trace msg="Request hit" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=debug msg="Mark authentication attempt made by user sean" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=debug msg="Credentials validation of user sean is ok" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=trace msg="Details for user sean => groups: [admins dev], emails [[email protected]]" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=debug msg="Check authorization of subject username=sean groups=admins,dev ip=203.6.185.18 and object https://millsyfrontend.freeddns.org/guacamole/ (method )."
time="2021-11-24T15:24:34+11:00" level=trace msg="ACL MISS Position 1 for subject username=sean groups=admins,dev ip=203.6.185.18 and object https://millsyfrontend.freeddns.org/guacamole/ (Method )"
time="2021-11-24T15:24:34+11:00" level=trace msg="ACL HIT Position 2 for subject username=sean groups=admins,dev ip=203.6.185.18 and object https://millsyfrontend.freeddns.org/guacamole/ (Method )"
time="2021-11-24T15:24:34+11:00" level=debug msg="Required level for the URL https://millsyfrontend.freeddns.org/guacamole/ is 2" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=warning msg="https://millsyfrontend.freeddns.org/guacamole/ requires 2FA, cannot be redirected yet" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:34+11:00" level=trace msg="Attempt successful: true, exec duration: 163, avg execution duration: 738, random delay ms: 0, total delay ms: 738, actual delay ms: 575" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:35+11:00" level=trace msg="Replied (status=200)" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:24:35+11:00" level=trace msg="Request hit" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:24:35+11:00" level=trace msg="Replied (status=200)" method=GET path=/api/state remote_ip=203.6.185.18

time="2021-11-24T15:24:35+11:00" level=trace msg="Replied (status=200)" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/ remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/ remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/static/js/vendor.d0bc79df.js remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/js/vendor.d0bc79df.js remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/static/js/index.829172be.js remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/js/index.829172be.js remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/static/css/index.393eb37d.css remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/static/css/index.393eb37d.css remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Request hit" method=GET path=/manifest.json remote_ip=203.6.185.18
time="2021-11-24T15:25:42+11:00" level=trace msg="Replied (status=200)" method=GET path=/manifest.json remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Request hit" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=debug msg="Mark authentication attempt made by user sean" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=debug msg="Credentials validation of user sean is ok" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Details for user sean => groups: [admins dev], emails [[email protected]]" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Attempt successful: true, exec duration: 82, avg execution duration: 647, random delay ms: 35, total delay ms: 682, actual delay ms: 600" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Replied (status=200)" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Request hit" method=GET path=/api/state remote_ip=203.6.185.18
time="2021-11-24T15:25:47+11:00" level=trace msg="Replied (status=200)" method=GET path=/api/state remote_ip=203.6.185.18
```
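
The configuration posted in this thread sets `session.domain: theworkpc.com`, while the `Check authorization` lines in the log name a target on another domain. The following added example (not part of the thread and not Authelia code) extracts the target hosts from such debug lines and lists those that a cookie scoped to the session domain would not be sent to; the third sample line is constructed for contrast, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Value of session.domain from the configuration posted in this thread.
SESSION_DOMAIN = "theworkpc.com"

# First two lines are copied from the log posted in this thread; the third is
# constructed here to show a host that is inside the session domain.
SAMPLE_LOG = r'''
time="2021-11-24T15:24:34+11:00" level=debug msg="Check authorization of subject username=sean groups=admins,dev ip=203.6.185.18 and object https://millsyfrontend.freeddns.org/guacamole/ (method )."
time="2021-11-24T15:24:34+11:00" level=debug msg="Required level for the URL https://millsyfrontend.freeddns.org/guacamole/ is 2" method=POST path=/api/firstfactor remote_ip=203.6.185.18
time="2021-11-24T15:30:00+11:00" level=debug msg="Check authorization of subject username=sean groups=admins,dev ip=203.6.185.18 and object https://millsyfrontend.theworkpc.com/ (method )."
'''

# Captures the URL that follows "and object" in a "Check authorization" line.
OBJECT_RE = re.compile(r'msg="Check authorization of subject .*? and object (\S+) ')


def in_cookie_scope(host: str, cookie_domain: str) -> bool:
    """True if a cookie set with Domain=cookie_domain is sent to host."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    # Exact match or a true subdomain; "eviltheworkpc.com" must not match.
    return host == cookie_domain or host.endswith("." + cookie_domain)


def hosts_outside_session_domain(log_text: str, cookie_domain: str) -> list[str]:
    """Distinct target hosts in the log that the session cookie cannot reach."""
    outside = []
    for line in log_text.splitlines():
        match = OBJECT_RE.search(line)
        if not match:
            continue
        host = urlsplit(match.group(1)).hostname or ""
        if not in_cookie_scope(host, cookie_domain) and host not in outside:
            outside.append(host)
    return outside


if __name__ == "__main__":
    for host in hosts_outside_session_domain(SAMPLE_LOG, SESSION_DOMAIN):
        print(f"{host}: outside session.domain {SESSION_DOMAIN!r}")
```
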

nightah wrote this answer on 2021-12-08

I can't see anything in the logs that would indicate the behaviour you're seeing.

Can you perhaps make a gif/video of what occurs?

Have you attempted a browser with all your plugins turned off, like in Private browsing or Incognito mode?

clems4ever wrote this answer on 2022-01-11

@millsy2000, please reopen this issue with some kind of gif/video if you're still facing the issue.

More Details About Repo
Owner Name authelia
Repo Name authelia
Full Name authelia/authelia
Language Go
Created Date 2016-12-07
Updated Date 2022-09-29
Star Count 14289
Watcher Count 157
Fork Count 796
Issue Count 121
