You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -199,6 +199,10 @@ Any errors generated by the OpenID Connect flow are logged to the error log, `/v
199
199
* Check for `could not be resolved` and `empty JWK set while sending to client` messages in the error log. This is common when NGINX Plus cannot reach the IdP's `jwks_uri` endpoint.
200
200
* Check the `map...$oidc_jwt_keyfile` variable is correct.
201
201
* Check the `resolver` directive in **openid_connect.server_conf** is reachable from the NGINX Plus host.
202
+
* Check for `OIDC authorization code sent but token response is not JSON.` messages in the error log. This is common when NGINX Plus cannot decompress the IdP's response. Try add the following configuration snippet to the `/_jwks_uri` and `/_token` locations in the openid_connect.server_conf file.
203
+
```nginx
204
+
proxy_set_header Accept-Encoding "gzip";
205
+
```
202
206
203
207
***Authentication is successful but browser shows too many redirects**
204
208
* This is typically because the JWT sent to the browser cannot be validated, resulting in 'authorization required' `401` response and starting the authentication process again. But the user is already authenticated so is redirected back to NGINX, hence the redirect loop.
0 commit comments