search

dCache / dcache-view

A Web application that provide an easy to use User Interface for dCache System.
Other
1 stars 5 forks source link

Redirect loop after OIDC session expires #215

Closed onnozweers closed 4 years ago

onnozweers commented 4 years ago

Dear dCache devs,

I'm experimenting with OIDC in our test instance of dCacheView at https://dolphin12.grid.surfsara.nl:20443/. It seems to work nicely, I can authenticate in the ESCAPE IAM at CNAF/INFN and then have a fully functional session in which I can upload and download files.

After a while, I guess when the OIDC dCacheView session expires, when I click anywhere in the dCacheView, I'm thrown back into the login page, but then the browser gets stuck in an endless redirect loop. When I close the browser and start a new (private) window, the redirect is over and I can log in again. It happens in Firefox and in Chrome.

There has been a somewhat similar issue a while ago but that was fixed back then. https://github.com/dCache/dcache-view/issues/183

I took a log from the web console. I can send you this if you want. If you need a special log file, let me know.

Cheers, Onno

femiadeyemi commented 4 years ago

Hi Onno,

Paul and I was discussing this issue this morning. Hopefully, our next release will include the fix. Yes, please, post the web console log. Thanks.

Best regards, Olufemi

Ps: speaking of new release, I will need your help to do some tests. May I ping you when I'm ready?

alrossi commented 4 years ago

Your experience is similar to mine with certificates. I have been having trouble with my X509 for some reason ... seems that there is a CRL issue which I'm trying to get to the bottom of. But I can reproduce the loop behavior as follows:

  1. go to https://:3880 (dCacheView) [here it refuses to authenticate me because of this certificate problem, and shoves me over to the login page]. I log in.
  2. Now go to https://:3880 /api/v1. I'm asked to log in again. I log in again.
  3. Now try to go back to https://:3880 (back button or put the URL into the navigation bar). That is when it goes into this infinite loop. Closing the tab and reconnecting fixes, as you discovered.
femiadeyemi commented 4 years ago

Hi @alrossi, this is not the same issue. May you please open another issue for this? Thank you.

Your experience is similar to mine with certificates. I have been having trouble with my X509 for some reason ... seems that there is a CRL issue which I'm trying to get to the bottom of. But I can reproduce the loop behavior as follows:

  1. go to https://:3880 (dCacheView) [here it refuses to authenticate me because of this certificate problem, and shoves me over to the login page]. I log in.
  2. Now go to https://:3880 /api/v1. I'm asked to log in again. I log in again.
  3. Now try to go back to https://:3880 (back button or put the URL into the navigation bar). That is when it goes into this infinite loop. Closing the tab and reconnecting fixes, as you discovered.
onnozweers commented 4 years ago

Hi Olufemi,

Here's the web console log. The link will be available until Tuesday. https://surfdrive.surf.nl/files/index.php/s/6RVEcXbUu3wO87g

I hope it is detailed enough. If you need a more detailed log, let me know. And of course I'll be happy to test! I can upgrade our test server to the latest snapshot at any time.

Cheers, Onno

alrossi commented 4 years ago

OK, @femiadeyemi if you believe it is unrelated, I will in a bit. Thanks.

onnozweers commented 4 years ago

Hi Olufemi,

It is better now. Thanks!

image

Clicking login brings me to the login page.

Kind regards, Onno