Project

General

Profile

Actions

Task #3710

open

SSO login problems

Added by Thorsten Behrens 8 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
Due date:
% Done:

0%


Description

Seems currently, there's a number of problems with signing in via SSO (both for prod, as well as test instance vm149.documentfoundation.org)

Two (likely related) symptoms are reported right now:
  • site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, displays a 'Server Error (500)'
  • site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, redirects back to proteus, which redirects back to auth.tdf (auth loop)
Actions #1

Updated by Thorsten Behrens 8 months ago

Can provide screencasts of problems (in both cases, browser was Firefox, but happens with Chrome too). Can't attach here, webm not permitted as valid attachment.

Actions #2

Updated by Thorsten Behrens 8 months ago

Fallback for people who want to apply / update their membership: please consider using the older email alias.

Actions #3

Updated by Miklos Vajna 8 months ago

Thorsten Behrens wrote in #note-2:

Fallback for people who want to apply / update their membership: please consider using the older email alias.

Hmm, this is annoying. I see two problems:

1) Proteus works for me, so I don't see the breakage (sure, I trust you that the problem is there, but I don't have a test, non-MC account to see it)

2) Mailing the MC list sounds great, but I'm not aware of a mechanism to manually add applications. I fear proteus only lets us to vote no applications which are submitted via proteus.

So resolving this ASAP would be really nice. Thanks.

Actions #4

Updated by Shinji Enoki 8 months ago

I tested in the following environment and did not reproduce this issue.

  • Debian 11, Firefox 123.0
  • Android, Firefox
  • Android, Chrome

"This application needs a more recent authentication. Do you want to reauthenticate?" messages appear occasionally, but I was successful with "Renew session".

This quarter have already started and several people have logged in and applied for renew. It seems like the problem only occurs in certain cases, but I think it's not easy on the MC side to guess what it is.

Actions #5

Updated by Guilhem Moulin 7 months ago

Marco Marinello thinks the issues are distinct and published a fix for the HTTP 500 issue, which is now deployed to production.

Actions #6

Updated by Miklos Vajna about 1 month ago

I think this can be closed, I haven't heard complains about this in a while. Thanks.

Actions #7

Updated by Thorsten Behrens about 1 month ago

It seems more an issue with LemonLDAP - I've recently seen the exact same problem when doing 2FA login for the conference site, where three attempts in very short sequence where needed to finally authenticate.

Note that likely the crucial bits here seem to be enabled 2FA for the TDF user account.

Actions

Also available in: Atom PDF