oidc_refresh_token_cache_get: existing refresh in progress #1209
sayan-oidc
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We are getting below Warning messages in OIDC error logs continuously whenever high number of users are trying to login.
This is correlating with high number of authentication failures on the application side which is using the token to a verify users
[auth_openidc:warn] [pid 8198:tid 140335564973824] [client ip:port] [!dt dt.trace_id=a1aadf40cd56e88ad5ab68dfa380c3d1,dt.span_id=579332107215be9d,dt.trace_sampled=true] oidc_refresh_token_cache_get: existing refresh in progress for <encrypted_token>, back off for 0.5s before re-trying the cache, referer <referer_URL>
Sample OpenAuth OIDC configuration used for connecting to Microsoft to get the Azure token is provided below.
Can this configuration be checked to see why we are getting the above warning and suggestions on any modification required
LoadModule auth_openidc_module modules/mod_auth_openidc.so
OIDCProviderMetadataURL https://login.microsoftonline.com/<server_key>/v2.0/.well-known/openid-configuration
OIDCClientID <client_ID>
OIDCClientSecret <client_secret>
OIDCXForwardedHeaders X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
OIDCRedirectURI https://live.advisor.nat.bt.com/azure
OIDCCryptoPassphrase <pass_phrase>
OIDCScope "openid email profile offline_access"
OIDCProviderAuthorizationEndpoint https://login.microsoftonline.com/<server_key>/oauth2/v2.0/authorize
OIDCProviderTokenEndpoint https://login.microsoftonline.com/<server_key>/oauth2/v2.0/token
OIDCPassIDTokenAs claims
OIDCOAuthRemoteUserClaim OIDC_CLAIM_EIN
OIDCCookiePath /
OIDCCookieDomain <domain_name>
OIDCCookie <app_id>
OIDCCookieHTTPOnly On
OIDCRefreshAccessTokenBeforeExpiry 5401
OIDCSessionInactivityTimeout 7200
OIDCSessionMaxDuration 46800
OIDCOutgoingProxy
Below Parameters were added later to address cache size issue that was observed initially
OIDCCacheShmEntrySizeMax 20000
OIDCCacheEncrypt On
Cache Size issue :
dt.trace_id=b020449a74ef9d30bd279ae702e1cb36,dt.span_id=9d4f880c7f294efd,dt.trace_sampled=true] oidc_cache_shm_get_key: could not construct cache key since key size is too large (1002 >= 512) , referer <refere_URL>
[Tue Apr 02 23:35:38.885468 2024] [auth_openidc:warn] [pid 29996:tid 139854738355968] [client 10.50.152.32:50228] [!dt dt.trace_id=b020449a74ef9d30bd279ae702e1cb36,dt.span_id=9d4f880c7f294efd,dt.trace_sampled=true] oidc_cache_set: could NOT store 4736 bytes in shm cache backend for key , referer <refere_URL>
Beta Was this translation helpful? Give feedback.
All reactions