Users on Satellite connection unable to log in to certain sites

By: Brian Sweeney named 20 Dec 2018 at 12:05 p.m. CST

8 Responses
Brian Sweeney gravatar
**Expected behavior** Using OpenID Connect for login, a user: - visits one of our sites - clicks to log in - is redirected to gluu - logs in successfully - is redirected to the original site - original site processes user's token and initializes the user's session **Actual Behavior** Upon returning to the original site the user is asked to log in again. No error messages are displayed. -- This only seems to affect users on satellite-based Internet connection, and only when attempting to log in to sites running on a particular system. So far we have been unable to reproduce the issue (i.e. by using network conditioning) and we do not have access to a satellite-based Internet connection. The sites affected by the bug are maintained by a third party. I'm inquiring about getting any information (e.g. logs) related to the failed login attempt. Could the problem be caused by some kind of timing issue? Are there any settings we could tweak to see if they resolve the problem for our users?
CentOS 6.5
closed

Answers

By Mohib Zico Account Admin 20 Dec 2018 at 12:20 p.m. CST

Copy
Mohib Zico gravatar
Hello Brian, First thing I would compare oxauth.log snippet between successful authentication and failed authentication ( via different internet connection and system ) of same user. That should give idea why same user is failing for different internet connectivity.

By Brian Sweeney named 20 Dec 2018 at 12:26 p.m. CST

Copy
Brian Sweeney gravatar
The user is not failing to authenticate. The RP is failing to recognize the authentication. The user is able to access sites running on other platforms without issue. It's an site running on a single platform that doesn't seem to be able to recognize that the user is authenticated.

By Brian Sweeney named 20 Dec 2018 at 12:34 p.m. CST

Copy
Brian Sweeney gravatar
Would the logs help determine the issue if the problem appears to be on the RP side? We've done some testing in the past but I don't know if the relevant logs are still available. We'll take a look and report back.

By Mohib Zico Account Admin 20 Dec 2018 at 12:40 p.m. CST

Copy
Mohib Zico gravatar
>> Would the logs help determine the issue if the problem appears to be on the RP side? No, but you will get what scopes, clients and some other session related info in oxauth.log. If you see same information between success and not-success; then RP log can determine why it's rejecting.

By Brian Sweeney named 20 Dec 2018 at 12:41 p.m. CST

Copy
Brian Sweeney gravatar
OK, thanks. We'll try and pull together some relevant logs from our side.

By Mohib Zico Account Admin 02 Jan 2019 at 6:54 a.m. CST

Copy
Mohib Zico gravatar
Happy New Year, Brian! Just touching base to know our next action item about this issue.

By Brian Sweeney named 02 Jan 2019 at 11:24 a.m. CST

Copy
Brian Sweeney gravatar
Thanks for following up. I'm still working on pulling together some logs from our Gluu install.

By Mohib Zico Account Admin 10 Jan 2019 at 6:31 a.m. CST

Copy
Mohib Zico gravatar
Hello Brian, I am closing this ticket for now but please feel free to reopen if required.

Post an answer