Task #3710
open
Added by Thorsten Behrens 8 months ago.
Updated about 1 month ago.
Description
Seems currently, there's a number of problems with signing in via SSO (both for prod, as well as test instance vm149.documentfoundation.org)
Two (likely related) symptoms are reported right now:
- site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, displays a 'Server Error (500)'
- site asks for 'need more recent authentication', then redirects to auth.tdf, after logging in, redirects back to proteus, which redirects back to auth.tdf (auth loop)
Can provide screencasts of problems (in both cases, browser was Firefox, but happens with Chrome too). Can't attach here, webm not permitted as valid attachment.
Thorsten Behrens wrote in #note-2:
Fallback for people who want to apply / update their membership: please consider using the older tdf-membership@lists.documentfoundation.org email alias.
Hmm, this is annoying. I see two problems:
1) Proteus works for me, so I don't see the breakage (sure, I trust you that the problem is there, but I don't have a test, non-MC account to see it)
2) Mailing the MC list sounds great, but I'm not aware of a mechanism to manually add applications. I fear proteus only lets us to vote no applications which are submitted via proteus.
So resolving this ASAP would be really nice. Thanks.
I tested in the following environment and did not reproduce this issue.
- Debian 11, Firefox 123.0
- Android, Firefox
- Android, Chrome
"This application needs a more recent authentication. Do you want to reauthenticate?" messages appear occasionally, but I was successful with "Renew session".
This quarter have already started and several people have logged in and applied for renew. It seems like the problem only occurs in certain cases, but I think it's not easy on the MC side to guess what it is.
Marco Marinello thinks the issues are distinct and published a fix for the HTTP 500 issue, which is now deployed to production.
I think this can be closed, I haven't heard complains about this in a while. Thanks.
It seems more an issue with LemonLDAP - I've recently seen the exact same problem when doing 2FA login for the conference site, where three attempts in very short sequence where needed to finally authenticate.
Note that likely the crucial bits here seem to be enabled 2FA for the TDF user account.
Also available in: Atom
PDF