Koschei prod authentication doesn't work anymore:
[Wed Dec 06 15:58:59.700266 2017] [core:error] [pid 3013] [client 10.5.126.51:49378] Error in authentication: openid.modauthopenid.nonce: no such field
Metadata Update from @mizdebsk: - Issue tagged with: authentication
Okay, so this seems unrelated to Ipsilon, but is a bug in mod_auth_openid: https://github.com/bmuller/mod_auth_openid/issues/4 .
Would it be an idea to just migrate Koschei to mod_auth_openidc? If you're open to that, let me know and I can tell you what all needs to be done there.
Well, to be entirely correct: this bug now gets triggered by Ipsilon because the association cleanup did not work before. So by fixing that bug, we have brought up a bug in mod_auth_openid.
Okay, for now I have worked around it by breaking association cleanup. But this will be rebroken again on the next update, so let's try to move to OIDC at some near point.
FYI, it's still broken for me, although the error message is inconsistent. Sometimes it says:
There has been an error while attempting to authenticate.
And other times, it says:
500 - Internal Server Error Ipsilon encountered an unexpected internal error while trying to fulfill your request.
Please retry again.
If the error persists, contact the server administrator to resolve the problem.
And I also had some intermittent problems logging into src.fedoraproject.org (same error as one just above). It worked the 2nd time I tried.
Okay, so the error on Ipsilon had been a database issue and is fixed. That was the same error as for src.fp.o.
The original error has been fixed for now again, but it caused by mod_auth_openid keeping an association around for longer than it is valid for.
Thanks. It seems to work now.
Closing as it appears to be fixed indeed.
Metadata Update from @mizdebsk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.