← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #73790

[Bug 1731980] Re: Redirect to login after Authentication completed. without explanation

  Thread PreviousDate PreviousThread Next 
We have the same problem with pike.
The first logins get redirected to the login page, although the logs say login was successful:
[Fri Jul 13 06:21:54.054265 2018] [wsgi:error] [pid 8324:tid 140488754718464] DEBUG:keystoneauth.session:GET call to identity for https://internal.<api-endpooint>:5000/v3/users/7304c7bddd624e928efc7984ff4585
cf/projects used request id req-4689361a-16bc-451a-9b7c-c7b446730f86
[Fri Jul 13 06:21:54.054786 2018] [wsgi:error] [pid 8324:tid 140488754718464] DEBUG:keystoneauth.identity.v3.base:Making authentication request to https://internal.<api-endpooint>:5000/v3/auth/tokens
[Fri Jul 13 06:21:54.090009 2018] [wsgi:error] [pid 8324:tid 140488754718464] DEBUG:urllib3.connectionpool:https://internal.<api-endpooint>:5000 "POST /v3/auth/tokens HTTP/1.1" 201 11353
[Fri Jul 13 06:21:54.091301 2018] [wsgi:error] [pid 8324:tid 140488754718464] DEBUG:keystoneauth.identity.v3.base:{"token": ...
[Fri Jul 13 06:21:54.097652 2018] [wsgi:error] [pid 8324:tid 140488754718464] Login successful for user "christian.zunker", remote address 172.20.2.125.
[Fri Jul 13 06:21:54.247158 2018] [wsgi:info] [pid 8330:tid 140488754718464] [remote 172.20.2.125:25117] mod_wsgi (pid=8330, process='horizon', application=''): Loading WSGI script '/openstack/venvs/horizon-16.0.8/lib/python2.7/dist-packages/openstack_dashboard/wsgi/django.wsgi'.


This is an openstack-ansible installation. I tried the SESSION_ENGINE with three different settings:
- memcached only (3 servers)
- DB only (Galera cluster)
- cached_db
All three settings have the same problem.

This is the context I'm calling: /auth/login/?next=/identity/
Taking a look at the requests:
POST /auth/login/ => HTTP 302
GET /identity/ => HTTP 302
GET /auth/login/?next=/identity/ => HTTP 200
And this repeats. After three lognis, I get:
You do not have permission to access the resource: /identity/
Login in again, it works (sometimes it needs a second time here):
POST /auth/login/ => HTTP 302
GET /identity/ => HTTP 200

access log:
172.20.2.125 - - [13/Jul/2018:06:38:45 +0000] "GET /identity/ HTTP/1.1" 302 3844 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:38:48 +0000] "GET /auth/login/?next=/identity/ HTTP/1.1" 200 3920 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:00 +0000] "POST /auth/login/ HTTP/1.1" 302 1059 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:02 +0000] "GET /identity/ HTTP/1.1" 302 364 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:05 +0000] "GET /auth/login/?next=/identity/ HTTP/1.1" 200 3921 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:15 +0000] "POST /auth/login/ HTTP/1.1" 302 906 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:18 +0000] "GET /identity/ HTTP/1.1" 302 364 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:20 +0000] "GET /auth/login/?next=/identity/ HTTP/1.1" 200 3918 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:29 +0000] "POST /auth/login/ HTTP/1.1" 302 906 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:32 +0000] "GET /identity/ HTTP/1.1" 302 364 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:35 +0000] "GET /auth/login/?next=/identity/ HTTP/1.1" 200 4184 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:43 +0000] "POST /auth/login/ HTTP/1.1" 302 1059 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:44 +0000] "GET /identity/ HTTP/1.1" 302 364 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:47 +0000] "GET /auth/login/?next=/identity/ HTTP/1.1" 200 4184 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:54 +0000] "POST /auth/login/ HTTP/1.1" 302 1059 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:54 +0000] "GET /identity/ HTTP/1.1" 200 15885 "https://172.20.243.234/auth/login/?next=/identity/"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"


After these initial multiple logins everything works. To reproduce the login problem, I just have to restart the apache webserver.


** Changed in: horizon
       Status: Expired => New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1731980

Title:
  Redirect to login after Authentication completed. without explanation

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Using current master and a Newton Keystone v3 Horizon is stuck on
  login page.

  LOGGING set to debug:

  
  2017-11-13 16:54:01,304 DEBUG openstack_auth.backend backend: Beginning user authentication
  2017-11-13 16:54:01,305 DEBUG openstack_auth.plugin.password password: Attempting to authenticate for cloud_admin
  2017-11-13 16:54:01,947 DEBUG openstack_auth.backend backend: Authentication completed.
  2017-11-13 16:54:01,948 INFO openstack_auth.forms forms: Login successful for user "cloud_admin", remote address 127.0.0.1.
  2017-11-13 16:54:01,951 INFO horizon.operation_log operation_log: [127.0.0.1] [None] [None] [cloud_admin] [a5fd590f97ed41bebd2250973b12f49a] [cloud_admin] [xxxxx] [https] [/auth/login/] [/auth/login/] [None] [POST] [302] [{"fake_email": "", "username": "cloud_admin", "domain": "cloud_admin", "fake_password": "", "region": "http://172.29.236.9:35357/v3";, "next": "/", "csrfmiddlewaretoken": "xxxyy", "password": "********"}]

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1731980/+subscriptions

References

  Thread PreviousDate PreviousThread Next