Bug 1826484

Summary: Possibility of user login failure if the list of Identity Providers cannot converge on a response within 60s.
Product: OpenShift Container Platform Reporter: Venkata Siva Teja Areti <vareti>
Component: apiserver-authAssignee: Venkata Siva Teja Areti <vareti>
Status: CLOSED WONTFIX QA Contact: scheng
Severity: low Docs Contact:
Priority: low    
Version: 4.3.0CC: aos-bugs, mfojtik
Target Milestone: ---Keywords: UpcomingSprint
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-27 00:02:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Venkata Siva Teja Areti 2020-04-21 19:04:56 UTC 
Description of problem:

This is extended version for https://bugzilla.redhat.com/show_bug.cgi?id=1814898. 

If there are multiple IDPs configured with OAuth server, to authenticate the user, IDPs are checked in the order in which they are configured. For some reason, if the time to get a response from some of these IDP together is more than 60s, user login would fail even though user can be authenticated using an IDP that comes after these faulty IDPs.

Creating a BZ to track this even though we may not be able to fix it completely.

Version-Release number of selected component (if applicable):
4.3

How reproducible:
Happened in the above referenced BZ. I think this can be reproduced reliably if there are multiple faulty IDPs.

Steps to Reproduce:
1. create IDPs that will not send a response within 60s
2. create htpasswd IDP
3. Try to login as the user.

Actual results:
User fails to login with some server error

Expected results:
User login succeeds


Additional info:
Comment 1 Venkata Siva Teja Areti 2020-05-20 12:38:19 UTC 
Adding UpcomingSprint as this needs some arch discussions.
Comment 2 Michal Fojtik 2020-05-27 00:02:17 UTC 
This bug hasn't had any activity 7 days after it was marked as LifecycleStale, so we are closing this bug as WONTFIX. If you consider this bug still valuable, please reopen it or create new bug.