NOTE
If your issue is for security or deals with sensitive info please mark it as private using the checkbox below.
---- Fix the Labs download links on the website. No way to obtain v40 Design lab version, has no links. ---- Logins to various areas on Fedora sites fail regularly. Most commonly public forums. ---- Can't get into anywhere else to post this, so here it is.
---- No rush, after all these problems, I don't think I'll be in any hurry to use your products anytime soon.
The design suite was not produced for f40 due to problems with the blender package. Since thats a non blocking deliverable, the entire release wasn't blocked on it.
You could use the f39 one: https://dl.fedoraproject.org/pub/alt/releases/39/Labs/x86_64/iso/Fedora-Design_suite-Live-x86_64-39-1.5.iso and upgrade.
We will need more information on which "public forums" you are seeing failures on? Also, how does it fail? time out? error message?
This latest error was...
400 - Bad Request Invalid transaction id
...And that was trying to get in here to reply. On the third refresh of this page to view, the login link worked and popped me in without prompts. Previous errors were usually invalid username/password messages. They came from these forums, the GitLab site, and another I can't remember.
I wanted to thank you for that link to download. Going previous and upgrading is a perfectly acceptable solution.
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: Needs investigation
Strangely I can't seem to find any errors in the identity provider logs. All the entries there show successful.
Perhaps @zlopez or @abompard can see where this might be going awry?
I noticed that as well, it throws 400 - Bad Request and after visiting the service again you are logged in.
400 - Bad Request
I got one of the login errors yesterday on notifications.fedoraproject.org. I got the same error again today when logging in to post this.
Yesterday I pasted "https://notifications.fedoraproject.org/rules/246" into Firefox (because that program is too fancy to work in Seamonkey). The login form was displayed. Credentials were filled in from my keyring. I submitted the form and got 400 Bad Request. I then pasted the same URL again, and saw the notification rule without logging in again.
A log from Firefox follows. I have redacted everything that looked like it might possibly be secret. Some of the messages are translated, but those look like they're only warnings about things that will stop working in some future version. What they say is that some cookies lack valid "SameSite" attributes and that sizeToContent is deprecated.
11:41:16,919 Fetched service configuration Object { authorizationEndpoint: "https://id.fedoraproject.org/openidc/Authorization", tokenEndpoint: "https://id.fedoraproject.org/openidc/Token", revocationEndpoint: undefined, userInfoEndpoint: "https://id.fedoraproject.org/openidc/UserInfo", endSessionEndpoint: undefined } index-ujsPPI9n.js:39:14240 11:41:16,926 Making authorization request Object { authorizationEndpoint: "https://id.fedoraproject.org/openidc/Authorization", tokenEndpoint: "https://id.fedoraproject.org/openidc/Token", revocationEndpoint: undefined, userInfoEndpoint: "https://id.fedoraproject.org/openidc/UserInfo", endSessionEndpoint: undefined } Object { crypto: {}, usePkce: true, clientId: "fmn-frontend", redirectUri: "https://notifications.fedoraproject.org/login/fedora", scope: "openid profile email https://id.fedoraproject.org/scope/groups", responseType: "code", state: "REDACTED", extras: undefined, internal: undefined } index-ujsPPI9n.js:39:14596 11:41:16,928 Making a request to Object { crypto: {}, usePkce: true, clientId: "fmn-frontend", redirectUri: "https://notifications.fedoraproject.org/login/fedora", scope: "openid profile email https://id.fedoraproject.org/scope/groups", responseType: "code", state: "REDACTED", extras: {…}, internal: {…} } https://id.fedoraproject.org/openidc/Authorization?redirect_uri=https%3A%2F%2Fnotifications.fedoraproject.org%2Flogin%2Ffedora&client_id=fmn-frontend&response_type=code&state=REDACTED&scope=openid%20profile%20email%20https%3A%2F%2Fid.fedoraproject.org%2Fscope%2Fgroups&code_challenge=REDACTED&code_challenge_method=S256 index-ujsPPI9n.js:38:7598 11:41:16,937 Error: Unable to preload CSS for /assets/TrackingRule-xsjE9iaN.css s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 Qs https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 component https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 Fu https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 promise callback*N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 O https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 _ https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 install https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 use https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:1 <anonymous> https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 index-ujsPPI9n.js:34:21195 11:41:16,939 Uncaught (in promise) Error: Unable to preload CSS for /assets/TrackingRule-xsjE9iaN.css s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 Qs https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 component https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 Fu https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 promise callback*N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 O https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 _ https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 install https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 use https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:1 <anonymous> https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 index-ujsPPI9n.js:14:1660 11:41:18,148 Vissa kakor missbrukar det rekommenderade attributet "SameSite" 2 11:41:18,148 Kaka "REDACTED" har inte ett korrekt "SameSite" attributvärde. Snart kommer kakor utan attributet "SameSite" eller med ett ogiltigt värde att behandlas som "Lax". Detta innebär att kakan inte längre skickas i externa sammanhang. Om din applikation beror på att denna kaka är tillgänglig i sådana sammanhang, lägg till attributet "SameSite=None" till den. Läs https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite om du vill veta mer om attributet "SameSite" negotiate 11:41:18,148 Kaka "fedora_ipsilon_session_id" har inte ett korrekt "SameSite" attributvärde. Snart kommer kakor utan attributet "SameSite" eller med ett ogiltigt värde att behandlas som "Lax". Detta innebär att kakan inte längre skickas i externa sammanhang. Om din applikation beror på att denna kaka är tillgänglig i sådana sammanhang, lägg till attributet "SameSite=None" till den. Läs https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite om du vill veta mer om attributet "SameSite" negotiate 11:41:18,215 sizeToContent() är föråldrad och kommer att tas bort i framtiden. commonDialog.js:132:10 11:42:00,941 Kaka "fedora_ipsilon_session_id" har inte ett korrekt "SameSite" attributvärde. Snart kommer kakor utan attributet "SameSite" eller med ett ogiltigt värde att behandlas som "Lax". Detta innebär att kakan inte längre skickas i externa sammanhang. Om din applikation beror på att denna kaka är tillgänglig i sådana sammanhang, lägg till attributet "SameSite=None" till den. Läs https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite om du vill veta mer om attributet "SameSite" Continue 11:42:43,566 AbortError: Actor 'Conduits' destroyed before query 'RuntimeMessage' was resolved ConduitsParent.sys.mjs:379 _raceResponses resource://gre/modules/ConduitsParent.sys.mjs:379 11:42:44,069 Fetched service configuration Object { authorizationEndpoint: "https://id.fedoraproject.org/openidc/Authorization", tokenEndpoint: "https://id.fedoraproject.org/openidc/Token", revocationEndpoint: undefined, userInfoEndpoint: "https://id.fedoraproject.org/openidc/UserInfo", endSessionEndpoint: undefined } index-ujsPPI9n.js:39:14240 11:42:44,072 Making authorization request Object { authorizationEndpoint: "https://id.fedoraproject.org/openidc/Authorization", tokenEndpoint: "https://id.fedoraproject.org/openidc/Token", revocationEndpoint: undefined, userInfoEndpoint: "https://id.fedoraproject.org/openidc/UserInfo", endSessionEndpoint: undefined } Object { crypto: {}, usePkce: true, clientId: "fmn-frontend", redirectUri: "https://notifications.fedoraproject.org/login/fedora", scope: "openid profile email https://id.fedoraproject.org/scope/groups", responseType: "code", state: "REDACTED", extras: undefined, internal: undefined } index-ujsPPI9n.js:39:14596 11:42:44,075 Making a request to Object { crypto: {}, usePkce: true, clientId: "fmn-frontend", redirectUri: "https://notifications.fedoraproject.org/login/fedora", scope: "openid profile email https://id.fedoraproject.org/scope/groups", responseType: "code", state: "REDACTED", extras: {…}, internal: {…} } https://id.fedoraproject.org/openidc/Authorization?redirect_uri=https%3A%2F%2Fnotifications.fedoraproject.org%2Flogin%2Ffedora&client_id=fmn-frontend&response_type=code&state=REDACTED&scope=openid%20profile%20email%20https%3A%2F%2Fid.fedoraproject.org%2Fscope%2Fgroups&code_challenge=REDACTED&code_challenge_method=S256 index-ujsPPI9n.js:38:7598 11:42:44,086 Error: Unable to preload CSS for /assets/TrackingRule-xsjE9iaN.css s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 Qs https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 component https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 Fu https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 promise callback*N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 O https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 _ https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 install https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 use https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:1 <anonymous> https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 index-ujsPPI9n.js:34:21195 11:42:44,087 Uncaught (in promise) Error: Unable to preload CSS for /assets/TrackingRule-xsjE9iaN.css s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 s https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 Qs https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:14 component https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 Fu https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 promise callback*N https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 O https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 _ https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 install https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:34 use https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:1 <anonymous> https://notifications.fedoraproject.org/assets/index-ujsPPI9n.js:43 index-ujsPPI9n.js:14:1660 11:42:45,950 Fetched service configuration Object { authorizationEndpoint: "https://id.fedoraproject.org/openidc/Authorization", tokenEndpoint: "https://id.fedoraproject.org/openidc/Token", revocationEndpoint: undefined, userInfoEndpoint: "https://id.fedoraproject.org/openidc/UserInfo", endSessionEndpoint: undefined } index-ujsPPI9n.js:39:14240 11:42:45,955 Checking to see if there is an authorization response to be delivered. index-ujsPPI9n.js:38:7631 11:42:45,955 Potential authorization request https://notifications.fedoraproject.org/login/fedora Object { code: "REDACTED", state: "REDACTED" } REDACTED REDACTED undefined index-ujsPPI9n.js:38:7598 11:42:45,956 Delivering authorization response index-ujsPPI9n.js:38:7631 11:42:45,956 Authorization request complete Object { crypto: {}, usePkce: true, clientId: "fmn-frontend", redirectUri: "https://notifications.fedoraproject.org/login/fedora", scope: "openid profile email https://id.fedoraproject.org/scope/groups", responseType: "code", state: "REDACTED", extras: {…}, internal: {…} } Object { code: "REDACTED", state: "REDACTED" } null index-ujsPPI9n.js:39:15987 11:42:46,100 Got OIDC token response: Object { accessToken: "REDACTED", tokenType: "Bearer", expiresIn: 3600, refreshToken: "REDACTED", scope: undefined, idToken: "REDACTED", issuedAt: 1717494166 } index-ujsPPI9n.js:39:17994 11:42:47,100 Got user info response: Object { name: "Björn Persson", nickname: "rombobeorn", preferred_username: "rombobeorn", zoneinfo: "Europe/Stockholm", locale: "sv", email: "bjorn@xn--rombobjrn-67a.se", groups: (5) […], sub: "rombobeorn" } index-ujsPPI9n.js:39:18268 11:42:47,101 Will redirect to /rules/246 LoginFedora-Zf54K93T.js:1:1206 11:43:42,979 <Provider> does not support changing `store` on the fly. It is most likely that you see this error because you updated to Redux 2.x and React Redux 2.x which no longer hot reload reducers automatically. See https://github.com/reactjs/react-redux/releases/tag/v2.0.0 for the migration instructions. react-redux.js:881:13
Here on pagure.io I use Seamonkey. I clicked on "Log in" at the bottom of this page. The login form was displayed. Credentials were filled in from my keyring. I submitted the form and got 400:
Invalid transaction id
I then went back and clicked on "Log in" again, and was immediately logged in.
I got a log of many HTTP requests in Seamonkey. Unforunately copying the log works really poorly. I have to edit it extensively to make it readable, which would take too long to do with the whole log. Here are the headers of the two most relevant-looking requests and responses:
POST https://id.fedoraproject.org/login/pam Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: sv,en;q=0.5 Connection: keep-alive Content-Length: 130 Content-Type: application/x-www-form-urlencoded Cookie: REDACTED=openid; fedora_ipsilon_session_id=REDACTED; REDACTED=login; REDACTED=login DNT: 1 Host: id.fedoraproject.org Origin: https://id.fedoraproject.org Referer: https://id.fedoraproject.org/login/gssapi/negotiate?ipsilon_transaction_id=REDACTED Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 HTTP/2.0 303 See Other X-Firefox-Spdy: h2 apptime: D=1874078 cache-control: no-cache, no-store, must-revalidate, private content-length: 256 content-security-policy: frame-ancestors 'none' content-type: text/html;charset=utf-8 date: Wed, 05 Jun 2024 13:17:51 GMT location: https://id.fedoraproject.org/openidc/Continue?ipsilon_transaction_id=REDACTED pragma: no-cache referrer-policy: same-origin server: Apache set-cookie: REDACTED=login; HttpOnly; Max-Age=300; Path=/; Secure fedora_ipsilon_session_id=REDACTED; expires=Wed, 05 Jun 2024 13:32:51 GMT; HttpOnly; Max-Age=900; Path=/; Secure ipsilon_default_username=rombobeorn; HttpOnly; Max-Age=1296000; Path=/; Secure strict-transport-security: max-age=31536000; preload x-content-type-options: nosniff x-fedora-appserver: ipsilon02.iad2.fedoraproject.org x-fedora-proxyserver: proxy36.fedoraproject.org x-fedora-requestid: REDACTED x-frame-options: SAMEORIGIN, deny x-xss-protection: 1; mode=block GET https://id.fedoraproject.org/openidc/Continue Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: sv,en;q=0.5 Connection: keep-alive Cookie: REDACTED=openid; fedora_ipsilon_session_id=REDACTED; REDACTED=login; REDACTED=login; REDACTED=login; ipsilon_default_username=rombobeorn DNT: 1 Host: id.fedoraproject.org Referer: https://id.fedoraproject.org/login/gssapi/negotiate?ipsilon_transaction_id=REDACTED Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 HTTP/2.0 400 Bad Request X-Firefox-Spdy: h2 access-control-allow-origin: * apptime: D=198484 cache-control: no-cache, no-store, must-revalidate, private content-length: 4336 content-security-policy: frame-ancestors 'none' content-type: text/html; charset=UTF-8 date: Wed, 05 Jun 2024 13:17:53 GMT pragma: no-cache referrer-policy: same-origin server: Apache set-cookie: fedora_ipsilon_session_id=REDACTED; expires=Wed, 05 Jun 2024 13:32:53 GMT; HttpOnly; Max-Age=900; Path=/; Secure strict-transport-security: max-age=31536000; preload x-content-type-options: nosniff x-fedora-appserver: ipsilon01.iad2.fedoraproject.org x-fedora-proxyserver: proxy36.fedoraproject.org x-fedora-requestid: REDACTED sx-frame-options: SAMEORIGIN, deny x-xss-protection: 1; mode=block
I currently had for some time always:
401 - Unauthorized Transaction expired, or cookies not available
I have never problems with ending up on the FAS login page. But once I entered credentials and then click to login, then the issue occurs. Beyond "unauthorized", I have had "time out" and "bad request" in the past. Sometimes it is only once, and then I try again and it works. But sometimes this condition can remain for many attempts.
Kevin, you asked in the mailing list for information that indicates which proxy it is. Here an extract from tcpdump. The very "click" to login was 13:08:28:
13:08:25.190849 IP fedora.45278 > 192.229.XXX.XXX.http: Flags [.], ack 2230300768, win 497, options [nop,nop,TS val 1368748353 ecr 3202042858], length 0 13:08:25.214931 IP 192.229.XXX.XXX.http > fedora.45278: Flags [.], ack 1, win 131, options [nop,nop,TS val 3202053099 ecr 1368686865], length 0 13:08:25.706740 IP fedora.36036 > dns.google.domain: 62850+ [1au] PTR? 195.152.2.10.in-addr.arpa. (54) 13:08:25.731302 IP dns.google.domain > fedora.36036: 62850 NXDomain 0/0/1 (54) 13:08:28.800132 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [S], seq 1255371569, win 64240, options [mss 1460,sackOK,TS val 4207315726 ecr 0,nop,wscale 7], length 0 13:08:28.893917 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [S.], seq 3566394504, ack 1255371570, win 26844, options [mss 1380,sackOK,TS val 2336283230 ecr 4207315726,nop,wscale 7], length 0 13:08:28.894051 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [.], ack 1, win 502, options [nop,nop,TS val 4207315820 ecr 2336283230], length 0 13:08:28.897068 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [P.], seq 1:1298, ack 1, win 502, options [nop,nop,TS val 4207315823 ecr 2336283230], length 1297 13:08:28.977992 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [.], ack 1298, win 200, options [nop,nop,TS val 2336283315 ecr 4207315823], length 0 13:08:28.979219 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [P.], seq 1:255, ack 1298, win 200, options [nop,nop,TS val 2336283316 ecr 4207315823], length 254 13:08:28.979275 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [.], ack 255, win 501, options [nop,nop,TS val 4207315905 ecr 2336283316], length 0 13:08:28.980379 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [P.], seq 1298:1378, ack 255, win 501, options [nop,nop,TS val 4207315906 ecr 2336283316], length 80 13:08:28.981300 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [P.], seq 1378:1548, ack 255, win 501, options [nop,nop,TS val 4207315907 ecr 2336283316], length 170 13:08:28.982262 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [P.], seq 1548:2067, ack 255, win 501, options [nop,nop,TS val 4207315908 ecr 2336283316], length 519 13:08:29.061108 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [P.], seq 255:305, ack 1378, win 200, options [nop,nop,TS val 2336283399 ecr 4207315906], length 50 13:08:29.061524 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [P.], seq 2067:2098, ack 305, win 501, options [nop,nop,TS val 4207315988 ecr 2336283399], length 31 13:08:29.062669 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [P.], seq 305:336, ack 1548, win 199, options [nop,nop,TS val 2336283400 ecr 4207315907], length 31 13:08:29.098143 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [P.], seq 336:3072, ack 2067, win 195, options [nop,nop,TS val 2336283436 ecr 4207315908], length 2736 13:08:29.098147 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [P.], seq 3072:5271, ack 2067, win 195, options [nop,nop,TS val 2336283436 ecr 4207315908], length 2199 13:08:29.098267 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [.], ack 3072, win 499, options [nop,nop,TS val 4207316024 ecr 2336283400], length 0 13:08:29.098450 IP fedora.50422 > proxy-iad02.fedoraproject.org.https: Flags [.], ack 5271, win 482, options [nop,nop,TS val 4207316024 ecr 2336283436], length 0 13:08:29.178431 IP proxy-iad02.fedoraproject.org.https > fedora.50422: Flags [.], ack 2098, win 195, options [nop,nop,TS val 2336283516 ecr 4207315988], length 0
This time, after about 4 or 5 attempts, it worked.
Let me know if you prefer something else.
ok, interesting.
Is there any delay from when it redirects you to the id page and when you submit it? ie, you try and login, and don't see the id page for a time? or do you always see it and enter your data right after?
I'll look and see if I can see anything more in logs based on your info. Thanks!
Log in to comment on this ticket.