When logging in, some users are redirected to FAS-OpenID, complete the auth process only to be met with
fails with "Strange state: failure"
This is being filed as a retrospective, it's already been fixed.
It turns out that this only happens to users who are members of many FAS groups (more than 17 - that was the highest number of groups for a successful login that we know of).
Not exactly sure what the absolute root cause of this is but adding the following configuration value for flask_fas_openid.py seems to have fixed the issue
PREFERRED_URL_SCHEME='https'
Fix has been applied to stg and prod through puppet.
Login to comment on this ticket.