Opened 9 years ago

Closed 9 years ago

#63 closed task (fixed)

LabWiki authentication failure

Reported by: johren@bbn.com Owned by: jack.hong@nicta.com.au
Priority: blocker Milestone: GEC18
Component: Authentication/Authorization Version: WrapUp
Keywords: Cc: divyashri.bhat@gmail.com
Dependencies:

Description

Friday morning, Divya started getting an authentication failure when logging in to Labwiki on port 4400. I am also getting the same failure. After authenticating with GENI Portal, we get a page that says "Authentication Failed."

Change History (3)

comment:1 Changed 9 years ago by divyashri.bhat@gmail.com

I don't know if this helps but I ran the LabWiki? on another port to look at the logs and it seems there is an error involving URI of the user.

Here is the log: I, [2013-10-18T13:53:35.504259 #1735] INFO -- OpenID: WARNING: making https request to https://portal.geni.net/server/server.php without verifying server certificate; no CA path was specified. I, [2013-10-18T13:53:35.611438 #1735] INFO -- OpenID: WARNING: making https request to https://portal.geni.net/server/server.php/idpXrds without verifying server certificate; no CA path was specified. I, [2013-10-18T13:53:35.742850 #1735] INFO -- OpenID: Generated checkid_setup request to https://portal.geni.net/server/server.php with assocication {HMAC-SHA1}{526174cd}{zzQOzA==} I, [2013-10-18T13:53:47.729550 #1735] INFO -- OpenID: Error attempting to use stored discovery information: OpenID::TypeURIMismatch I, [2013-10-18T13:53:47.729721 #1735] INFO -- OpenID: Attempting discovery to verify endpoint I, [2013-10-18T13:53:47.729815 #1735] INFO -- OpenID: Performing discovery on https://portal.geni.net/server/server.php/idpage?user=dbhat I, [2013-10-18T13:53:47.731189 #1735] INFO -- OpenID: WARNING: making https request to https://portal.geni.net/server/server.php/idpage?user=dbhat without verifying server certificate; no CA path was specified. I, [2013-10-18T13:53:47.854674 #1735] INFO -- OpenID: WARNING: making https request to https://portal.geni.net/server/server.php/userXrds?user=dbhat without verifying server certificate; no CA path was specified. Warning! Rack::Session::Cookie data size exceeds 4K. Warning! Rack::Session::Cookie failed to save session. Content dropped.

comment:2 Changed 9 years ago by divyashri.bhat@gmail.com

I ran a test session of LabWiki on emmy9 , port 4401 and found that the problem is this:

  1. The Warden::OpenID uses Rack::Session::Cookie which has a size limit of 4K (4096 bytes). The main problem is that the cookie is not cleared for every session. That is why the authentication failure message occurs after a few login sessions (4 for me).
  1. Since we have the project and slice information being passed in the Cookie, it most likely will exceed 4k and we may need to increase the size limit of the cookie.

comment:3 Changed 9 years ago by johren@bbn.com

Resolution: fixed
Status: newclosed

Verified prior to GEC18.

Note: See TracTickets for help on using tickets.