Project

General

Profile

Actions

Task #3710

open

SSO login problems

Added by Thorsten Behrens 3 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
Due date:
% Done:

0%


Description

Seems currently, there's a number of problems with signing in via SSO (both for prod, as well as test instance vm149.documentfoundation.org)

Two (likely related) symptoms are reported right now:
  • site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, displays a 'Server Error (500)'
  • site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, redirects back to proteus, which redirects back to auth.tdf (auth loop)
Actions #1

Updated by Thorsten Behrens 3 months ago

Can provide screencasts of problems (in both cases, browser was Firefox, but happens with Chrome too). Can't attach here, webm not permitted as valid attachment.

Actions #2

Updated by Thorsten Behrens 2 months ago

Fallback for people who want to apply / update their membership: please consider using the older email alias.

Actions #3

Updated by Miklos Vajna 2 months ago

Thorsten Behrens wrote in #note-2:

Fallback for people who want to apply / update their membership: please consider using the older email alias.

Hmm, this is annoying. I see two problems:

1) Proteus works for me, so I don't see the breakage (sure, I trust you that the problem is there, but I don't have a test, non-MC account to see it)

2) Mailing the MC list sounds great, but I'm not aware of a mechanism to manually add applications. I fear proteus only lets us to vote no applications which are submitted via proteus.

So resolving this ASAP would be really nice. Thanks.

Actions #4

Updated by Shinji Enoki about 2 months ago

I tested in the following environment and did not reproduce this issue.

  • Debian 11, Firefox 123.0
  • Android, Firefox
  • Android, Chrome

"This application needs a more recent authentication. Do you want to reauthenticate?" messages appear occasionally, but I was successful with "Renew session".

This quarter have already started and several people have logged in and applied for renew. It seems like the problem only occurs in certain cases, but I think it's not easy on the MC side to guess what it is.

Actions #5

Updated by Guilhem Moulin about 2 months ago

Marco Marinello thinks the issues are distinct and published a fix for the HTTP 500 issue, which is now deployed to production.

Actions

Also available in: Atom PDF