Task #3710
openSSO login problems
0%
Description
Seems currently, there's a number of problems with signing in via SSO (both for prod, as well as test instance vm149.documentfoundation.org)
Two (likely related) symptoms are reported right now:- site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, displays a 'Server Error (500)'
- site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, redirects back to proteus, which redirects back to auth.tdf (auth loop)
Updated by Thorsten Behrens 8 months ago
Can provide screencasts of problems (in both cases, browser was Firefox, but happens with Chrome too). Can't attach here, webm not permitted as valid attachment.
Updated by Thorsten Behrens 8 months ago
Fallback for people who want to apply / update their membership: please consider using the older tdf-membership@lists.documentfoundation.org email alias.
Updated by Miklos Vajna 8 months ago
Thorsten Behrens wrote in #note-2:
Fallback for people who want to apply / update their membership: please consider using the older tdf-membership@lists.documentfoundation.org email alias.
Hmm, this is annoying. I see two problems:
1) Proteus works for me, so I don't see the breakage (sure, I trust you that the problem is there, but I don't have a test, non-MC account to see it)
2) Mailing the MC list sounds great, but I'm not aware of a mechanism to manually add applications. I fear proteus only lets us to vote no applications which are submitted via proteus.
So resolving this ASAP would be really nice. Thanks.
Updated by Shinji Enoki 8 months ago
I tested in the following environment and did not reproduce this issue.
- Debian 11, Firefox 123.0
- Android, Firefox
- Android, Chrome
"This application needs a more recent authentication. Do you want to reauthenticate?" messages appear occasionally, but I was successful with "Renew session".
This quarter have already started and several people have logged in and applied for renew. It seems like the problem only occurs in certain cases, but I think it's not easy on the MC side to guess what it is.
Updated by Guilhem Moulin 7 months ago
Marco Marinello thinks the issues are distinct and published a fix for the HTTP 500 issue, which is now deployed to production.
Updated by Miklos Vajna about 1 month ago
I think this can be closed, I haven't heard complains about this in a while. Thanks.
Updated by Thorsten Behrens about 1 month ago
It seems more an issue with LemonLDAP - I've recently seen the exact same problem when doing 2FA login for the conference site, where three attempts in very short sequence where needed to finally authenticate.
Note that likely the crucial bits here seem to be enabled 2FA for the TDF user account.