Project

General

Profile

Actions

Bug #4296

closed

[SSO] 500 from a fresh login

Added by Brett Smith over 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Story points:
1.0

Description

Steps to reproduce:

  1. Start with a new browser session. No cookies, etc.
  2. Visit workbench.qr1hi.
  3. Click "Log in."
  4. Go through Google's log in process.

Expected results:

After you finish that login process, you land on a Workbench page.

Actual results:

When you log in with Google, you get a 500 page. If you go back to workbench.qr1hi, you can click "Log in" again, and it works that time. It seems like there's something off about the case where the user is not already logged in with Google when they try to log in.


Subtasks 2 (0 open2 closed)

Task #4588: FixResolvedPeter Amstutz10/23/2014Actions
Task #4377: DiagnoseResolvedPeter Amstutz10/23/2014Actions

Related issues

Related to Arvados - Feature #4570: [SSO] Implement Google OAuth2 for new SSO installationsResolvedPeter Amstutz11/05/2014Actions
Actions #1

Updated by Tom Clegg over 9 years ago

  • Target version changed from Bug Triage to Arvados Future Sprints
Actions #2

Updated by Tom Clegg over 9 years ago

  • Story points set to 1.0
Actions #3

Updated by Ward Vandewege over 9 years ago

  • Target version changed from Arvados Future Sprints to 2014-11-19 sprint
Actions #4

Updated by Ward Vandewege over 9 years ago

  • Assigned To set to Peter Amstutz
Actions #5

Updated by Peter Amstutz over 9 years ago

Started GET "/" for 127.0.0.1 at 2014-11-17 14:27:34 -0500
Processing by AuthController#welcome as HTML
Rendered auth/welcome.html.erb within layouts/application (1.6ms)
Completed 500 Internal Server Error in 16ms

ActionView::Template::Error (application.css isn't precompiled):
    2: <html>
    3: <head>
    4:   <title>CfiOauthProvider</title>
    5:   <%= stylesheet_link_tag    "application", :media => "all" %>
    6:   <%= javascript_include_tag "application" %>
    7:   <%= csrf_meta_tags %>
    8: </head>
  app/views/layouts/application.html.erb:5:in `_app_views_layouts_application_html_erb__1919252491310798925_40904760'

Actions #6

Updated by Peter Amstutz over 9 years ago

This seems like it might be the root cause of the redirection issue:

https://code.google.com/p/gdata-issues/issues/detail?id=6628

Actions #7

Updated by Peter Amstutz over 9 years ago

  • Target version changed from 2014-11-19 sprint to 2014-12-10 sprint
Actions #8

Updated by Peter Amstutz over 9 years ago

commit:cfd47c9a7abf514ce34fb6f762850bafdb33bace in the sso-provider repository fixes the actual 500 error.

However, there is still a problem with redirects, where Google's sign in page actually causes the browser to visit the callback more than once. The first callback removes the redirect from the session, but the user actually sees the result of the 2nd callback, which doesn't have the redirect any more and so they end up at a generic page, which was the one that was broken and fixed in the above commit.

On google's side, the problem of getting more than one callback may be fixed on OAuth2 login page, although the bug report in note #6 is for OAuth2 and not OpenId.

The missing redirect problem wouldn't be such a big deal except that the fallback "welcome" page consists of simply a hardcoded link to qr1hi. If we had #3312, this page could actually be useful.

Actions #9

Updated by Peter Amstutz over 9 years ago

Fixes related to this are merged into #4570, please review it there.

Actions #10

Updated by Peter Amstutz about 9 years ago

  • Status changed from New to In Progress
Actions #11

Updated by Ward Vandewege about 9 years ago

  • Status changed from In Progress to Resolved

I reviewed and merged this over the weekend.

Actions

Also available in: Atom PDF