Open perllaghu opened 2 years ago
I needed to switch to using a database-cache for the django app.
I can't tell you if the problem is kubernetes related, or proxy-related... either way: switching the cache fixed my problem
Now that you mention it I had the same problem (though I use Flask). I use gunicorn with multiple workers. Without a proper cache configuration the cache is not shared between workers, so requests fail unless they happen to hit the same worker.
I was getting a lot of random nonce validation errors until I changed gunicorn from 4 workers to 1 worker. I haven't seen the validation issue since changing.
> I was getting a lot of random nonce validation errors until I changed gunicorn from 4 workers to 1 worker. I haven't seen the validation issue since changing.
That is because you don't have a shared cache.
I have a [I think] sane django app... the service has been running for a few years, and happily uses both LTI 1.1 and SAML2 based authentication.
For reference: Django 3.1.13, running in a kubernetes cluster.
I'm now adding LTI 1.3 authentication, and my launch process was failing. I believe I've narrowed it down to the login process not setting a nonce ... for the launch process to then pick up on & verify.
This is in my login code:
This logs:
Am I wrong in assuming that the redirect() call should have set something.... and that something should be retrievable from oidc_login._session_service._get_value(nonce_key)?
Further info - after some investigation - it may be a cookie issue: if one of my colleagues does some "clever magic" so things appear as localhost, it all works.
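The failure mode described in the replies above (a nonce written by one gunicorn worker and looked up by another) as a small simulation. This is an added example, not code from the thread or from the LTI library; the `Worker` class, the `nonce-` key format and the cache table name are assumptions made for illustration.

```python
import random
import secrets


class Worker:
    """One gunicorn worker; `cache` stands in for its configured cache backend."""

    def __init__(self, cache):
        self.cache = cache

    def oidc_login(self):
        # Login step: mint a nonce and remember it for the later launch.
        nonce = secrets.token_hex(16)
        self.cache[f"nonce-{nonce}"] = True   # hypothetical key format
        return nonce

    def launch(self, nonce):
        # Launch step: the nonce must be known, and is consumed so a replay fails.
        return self.cache.pop(f"nonce-{nonce}", False)


def launch_success_rate(n_workers, shared, attempts=200, seed=1):
    """Fraction of launches whose nonce validates when each request
    (login, then launch) lands on a randomly chosen worker."""
    rng = random.Random(seed)                 # stands in for the load balancer
    shared_cache = {}
    workers = [Worker(shared_cache if shared else {}) for _ in range(n_workers)]
    ok = 0
    for _ in range(attempts):
        nonce = rng.choice(workers).oidc_login()
        ok += bool(rng.choice(workers).launch(nonce))
    return ok / attempts


# Django settings for a cache every worker and pod can reach (database backend).
# "lti_cache" is a constructed table name; create it with
# `python manage.py createcachetable`.
CACHES = {
    "default": {
        "BACKEND": "django.core.cache.backends.db.DatabaseCache",
        "LOCATION": "lti_cache",
    }
}

if __name__ == "__main__":
    print("4 workers, per-process cache:", launch_success_rate(4, shared=False))
    print("1 worker,  per-process cache:", launch_success_rate(1, shared=False))
    print("4 workers, shared cache:     ", launch_success_rate(4, shared=True))
```

With per-process caches roughly one launch in four succeeds on four workers, which matches the "random" validation errors reported in the thread.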