Bug 1579746

Summary: [3.7] Invalid request Client state could not be verified
Product: OpenShift Container Platform Reporter: Nicolas Nosenzo <nnosenzo>
Component: Management ConsoleAssignee: Samuel Padgett <spadgett>
Status: CLOSED NOTABUG QA Contact: Yadan Pei <yapei>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.7.1CC: aos-bugs, jliggitt, jokerman, lucarval, mmccomas, nnosenzo, spadgett, xxia, yapei
Target Milestone: ---Flags: spadgett: needinfo? (nnosenzo)
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1537120 Environment:
Last Closed: 2018-05-29 21:58:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1537120    
Bug Blocks:    

Comment 1 Nicolas Nosenzo 2018-05-18 08:57:16 UTC
This is still reproducible on OCP v3.7.44 by following these steps:

1) Open tab A to the console, let it redirect you to the login page, DO NOT LOG IN
2) Open tab B to the console, let it redirect you to the login page
3) Complete the log in from tab B, it will succeed
4) Complete the log in from tab A, it will fail wth "Client state could not be verified"

The fix within the origin-web-common (PR [0]) repo is included only for versions 3.7.1 and 3.7.2 but not for 3.7.0, I'm wondering if we can check whether the correct origin-web-common repo was taken for v3.7.42+.

[0] https://github.com/openshift/origin-web-common/pull/286/files

Comment 2 Samuel Padgett 2018-05-18 16:23:57 UTC
The steps you list are expected. See


> What this will not change - once you log in through any of the tabs, the nonce will be destroyed so that it can not be reused, this is an intentional security measure. This means any other tabs still sitting on the log in page, you will not be able to just log in on those tabs, you will need to hit the back button to go back to the console.

Comment 3 Samuel Padgett 2018-05-18 16:46:55 UTC
Confirming that are you are able to login in using one of the tabs? It's only the second that fails?

Comment 4 Samuel Padgett 2018-05-29 21:58:59 UTC
Closing since this is working as intended based on the description.