Closed lloyd closed 11 years ago
jakem helped live diagnose this, and we're seeing certificates issued 12s in the future from the time assertions are issued. this suggests clock skew and seems to be originating from the us-west-1 region.
@mostlygeek - can you audit clock skew on all boxes, report what kind of skew you see, add monitoring to alert if > 2s of skew is detected, and get us synced via ntpd on all machines?
How complex is this?
see precise steps to reproduce in #85. closing that down in favor of this because this one has a screen shot.
Further confirmation reported in IRC by @jrgm:
[14:00:07] <jrgm> Hey, the clock on login.mozilla.org is not correct.
[14:00:25] <jrgm> I can see this in the Date: header responses.
[14:01:58] <jrgm> and it's about 12 seconds off.
I'm on it!
:heart: and :beer:
Fixed
Verified - WFM
Jake Maul, @oxten, and @karlht hit this issue.
Case is when a user logs in via us-west-1 the login fails with an error in the persona dialog, it looks like this:![stdm](https://f.cloud.github.com/assets/39411/644896/89f820c6-d398-11e2-9467-4f7591419188.png)