Bug 1879140
| Summary: | console auth errors not understandable by customers | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Stefan Schimanski <sttts> |
| Component: | Management Console | Assignee: | Jakub Hadvig <jhadvig> |
| Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.3.z | CC: | amcdermo, aos-bugs, bbennett, cblecker, cshereme, grodrigu, hongli, jhadvig, jokerman, khnguyen, lseelye, maupadhy, mfojtik, misalunk, mmazur, mwhittin, nmalik, slaznick, spadgett, sttts, travi, yapei |
| Target Milestone: | --- | Keywords: | ServiceDeliveryImpact |
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1847693 | Environment: | |
| Last Closed: | 2021-07-27 22:32:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Comment 2
Jakub Hadvig
2020-10-02 15:27:04 UTC
Haven't got time to work on this issue. Will get to it next sprint. 1. Set console log level to Debug
# oc patch consoles.operator.openshift.io cluster -p '{"spec":{"logLevel": "Debug"}}' --type merge
2. Login with user and then logout, check console pod logs
I0406 08:13:49.701186 1 middleware.go:28] authentication failed: unauthenticated, no value for cookie openshift-session-token
I0406 08:16:27.615631 1 auth.go:394] oauth success, redirecting to: "https://console-openshift-console.apps.ci-ln-26d5gbt-f76d1.origin-ci-int-gce.dev.openshift.com/"
2021/04/06 08:16:40 Failed to dial backend: 'websocket: bad handshake' Status: '403 Forbidden' URL: 'https://kubernetes.default.svc/apis/config.openshift.io/v1/clusterversions?watch=true&fieldSelector=metadata.name%3Dversion'
I0406 08:16:44.265075 1 middleware.go:28] authentication failed: unauthenticated, no value for cookie openshift-session-token
When user is not logged in, it shows `authentication failed: unauthenticated, no value for cookie openshift-session-token`
we didn't show `authentication failed: unauthenticated, no value for cookie openshift-session-token` by default, is customer expect a more readable error message?
I understand that the issue in this bug is the error messages are not understandable(easily readable)
Also when user logs with incorrect password, we can see messages in console logs: I0406 08:22:54.887707 1 middleware.go:28] authentication failed: http: named cookie not present I0406 08:22:54.980605 1 middleware.go:28] authentication failed: http: named cookie not present I0406 08:22:55.026364 1 middleware.go:28] authentication failed: http: named cookie not present is customer expecting more readable error messages?
authentication failed: http: named cookie not present => authentication failed: ${something more readable}
authentication failed: unauthenticated, no value for cookie openshift-session-token => authentication failed: unauthenticated, {something more readable}
After talking with our developers, we think changing default log level so that these messages will not be logged by default, it will only be shown when we set higher log level such as 'Debug', we think this should be sufficient Going to move the bug to VERIFIED, let us know if this is not satisfied Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |