Bug 1006424 - [USERPORTAL] - after trying to login different ldap users using the same browser - can't login anymore [NEEDINFO]
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-userportal
3.2.0
Unspecified Unspecified
unspecified Severity high
: ---
: 3.3.0
Assigned To: Ravi Nori
Pavel Stehlik
infra
: Triaged
Depends On:
Blocks: 1019461
Reported: 2013-09-10 11:23 EDT by Barak Dagan
Modified: 2016-02-10 14:39 EST

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-17 11:23:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
bdagan: needinfo? (acathrow)


Attachments
engine log (25.07 KB, application/x-compressed-tar)
2013-09-10 11:23 EDT, Barak Dagan
engine log + image (149.56 KB, application/x-compressed-tar)
2013-09-15 04:06 EDT, Barak Dagan

Description Barak Dagan 2013-09-10 11:23:07 EDT
Created attachment 796049 [details]
engine log

Description of problem:
When using the same browser to log in to the user portal, the authentication refuses to let any user log in again, due to bad user / password.
ovirt-engine has to be restarted.

Version-Release number of selected component (if applicable):
sf20.1

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Einav Cohen 2013-09-11 15:32:42 EDT
there seem to be a lot of LDAP "connection time out" errors and other errors in the engine log; are you sure that the problem is related to the fact that you have attempted to do these logins from the same browser? 
i.e. *before* restarting ovirt-engine: did you attempt to login *from a different browser* and it succeeded?
Comment 2 Barak Dagan 2013-09-12 03:02:39 EDT
The answer is yes.
I am using mostly FF in order to log in to rhevm. I tried to open different tabs for different users, which didn't work. After many tries, I tried to open a new Chrome browser and managed to log in at first try. Then having a few more tabs (even incognito ones) brought the same results.

As for the lots of LDAP errors - it took me a while to realize that it might be an engine caching issue which can be resolved by restarting the engine and not an LDAP issue since I got bad password and saw these LDAP errors.
Comment 3 Einav Cohen 2013-09-12 13:19:46 EDT
(In reply to Barak Dagan from comment #2)
> The answer is yes.
> I am using mostly FF in order to log in to rhevm. I tried to open different tabs
> for different users, which didn't work. After many tries, I tried to open a
> new Chrome browser and managed to log in at first try. Then having a few more
> tabs (even incognito ones) brought the same results.
>
> As for the lots of LDAP errors - it took me a while to realize that it might
> be an engine caching issue which can be resolved by restarting the engine and
> not an LDAP issue since I got bad password and saw these LDAP errors.

the same session is utilized when working with multiple tabs in any browser (FF, Chrome), i.e. you cannot login with different users from different tabs of the same browser, since the session behind the scenes is the same - this is an infrastructural fact that we cannot work around.

can you please supply exact steps to reproduce? they are crucial in order to understand the exact problem.
From what I understand, you did the following, however they seem impossible to me:

1) open FF
2) browse to GUI
[login page is displayed]
3) fill credentials for user '1', hit "login" button
[user '1' login succeeded]
4) open another tab in FF
5) browse to GUI
6) fill credentials for user '2', hit "login" button

step (6) is impossible, since after step (3), the user is already logged in for the current FF session; so with every new FF tab and browsing to the GUI, the application main view automatically appears (the login page might be displayed shortly before that, but with all the fields/buttons disabled, and automatic redirection to the main view should occur immediately after that).

thanks.
Comment 4 Barak Dagan 2013-09-15 04:04:46 EDT
(In reply to Einav Cohen from comment #3)
> (In reply to Barak Dagan from comment #2)
> > The answer is yes.
> > I am using mostly FF in order to log in to rhevm. I tried to open different tabs
> > for different users, which didn't work. After many tries, I tried to open a
> > new Chrome browser and managed to log in at first try. Then having a few more
> > tabs (even incognito ones) brought the same results.
> >
> > As for the lots of LDAP errors - it took me a while to realize that it might
> > be an engine caching issue which can be resolved by restarting the engine and
> > not an LDAP issue since I got bad password and saw these LDAP errors.
>
> the same session is utilized when working with multiple tabs in any browser
> (FF, Chrome), i.e. you cannot login with different users from different tabs
> of the same browser, since the session behind the scenes is the same - this
> is an infrastructural fact that we cannot work around.
> 
> can you please supply exact steps to reproduce? they are crucial in order to
> understand the exact problem.
> From what I understand, you did the following, however they seem impossible
> to me:
> 
> 1) open FF
> 2) browse to GUI
> [login page is displayed]
> 3) fill credentials for user '1', hit "login" button
> [user '1' login succeeded]
> 4) open another tab in FF
> 5) browse to GUI
> 6) fill credentials for user '2', hit "login" button
> 
> step (6) is impossible, since after step (3), the user is already logged in
> for the current FF session; so with every new FF tab and browsing to the
> GUI, the application main view automatically appears (the login page might
> be displayed shortly before that, but with all the fields/buttons disabled,
> and automatic redirection to the main view should occur immediately after
> that).
> 
> thanks.

Hi Einav,
You are right describing the sequence above. It appears to be a little more complicated than that:
1) open FF
2) browse to GUI
[login page is displayed]
3) fill credentials for user '1', hit "login" button
[user '1' login succeeded]
4) open a few tabs
5) browse to GUI in all new tabs
[automatically redirected to main view]
6) logout from all tabs
7) Starting login one by one
[first three seem to work - as can be seen in the attached image]
8) logins start failing
[Attached please find engine log].

Hope this helps.
Comment 5 Barak Dagan 2013-09-15 04:06:10 EDT
Created attachment 797810 [details]
engine log + image
Comment 6 Einav Cohen 2013-09-15 20:02:17 EDT
Many thanks for the details, Barak - I appreciate it. 

There are a couple of surprising parts of your described scenario:

- the result of step 7 (three logins of 3 different users that have succeeded). This is strange since all of the GUIs that are opened in the different tabs should actually work on the same session. i.e., when you are logging out of one of them, all tabs are being logged out. when you are logging into one of them, all tabs are actually being logged in. so the result of step 7 should actually be "succeeded in the first login, all following logins failed on 'user is already logged in'" or something similar.

- once you start getting failures, the failures seem to be 'wrong user or password', rather than 'user is already logged in'.

I suspect that something might be wrong in the session management (the GUI doesn't control it - it simply calls the 'login' backend method with the supplied credentials), so there is a chance that the bug is actually a backend bug.
Comment 7 Ravi Nori 2013-09-16 12:46:08 EDT
On current master, I can't reproduce this error. 

When I try to login from a second user portal tab (already opened), I get an error message stating that the "User is already logged in". 

Please let me know if you can reproduce with the latest/next build.
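
The expected behaviour described in comments 3, 6 and 7 (all tabs of one browser share one session, a second login on that session is refused, a different browser gets its own session), as an added sketch that is not part of the bug report and is not oVirt engine code. The `Server` and `Browser` classes, the user names and the session ids are constructed for illustration; the status strings are the ones quoted in the comments.

```javascript
// Toy model (constructed): one server-side session per cookie; tabs share one cookie jar.
class Server {
  constructor(users) {
    this.users = new Map(Object.entries(users)); // sample credentials
    this.sessions = new Map();                   // session id -> user name
    this.nextId = 1;                             // readable ids; real servers use a CSPRNG
  }
  login(cookie, user, password) {
    if (this.sessions.has(cookie)) return { cookie, status: 'User is already logged in' };
    if (!this.users.has(user) || this.users.get(user) !== password) {
      return { cookie, status: 'wrong user or password' };
    }
    const id = `S${this.nextId++}`;              // fresh id on every authentication
    this.sessions.set(id, user);
    return { cookie: id, status: 'ok' };
  }
  logout(cookie) {
    this.sessions.delete(cookie);                // invalidate on the server, not only in the browser
    return { cookie: null, status: 'logged out' };
  }
  whoami(cookie) { return this.sessions.get(cookie) ?? null; }
}

class Browser {
  constructor(server) { this.server = server; this.cookie = null; }
  tab() {                                        // every tab reads and writes the same jar
    const apply = (r) => { this.cookie = r.cookie; return r.status; };
    return {
      login: (u, p) => apply(this.server.login(this.cookie, u, p)),
      logout: () => apply(this.server.logout(this.cookie)),
      currentUser: () => this.server.whoami(this.cookie),
    };
  }
}

function scenario() {
  const server = new Server({ user1: 'pw1', user2: 'pw2' });
  const firefox = new Browser(server), chrome = new Browser(server);
  const [t1, t2] = [firefox.tab(), firefox.tab()];
  return [
    t1.login('user1', 'pw1'),           // first tab authenticates
    t2.currentUser(),                   // second tab is already user1
    t2.login('user2', 'pw2'),           // rejected: session already has a user
    chrome.tab().login('user2', 'pw2'), // separate cookie jar, separate session
    t2.logout(),                        // logging out in one tab ...
    t1.currentUser(),                   // ... logs out every tab
    t1.login('user2', 'pw2'),           // now a different user can log in
  ];
}
```

In this model a correct password never yields 'wrong user or password', whatever the order of tab logins and logouts, which is why comment 6 treats that message as pointing at the backend rather than the GUI.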
Comment 8 Barak Dagan 2013-09-22 08:23:09 EDT
This problem was found on 3.2 branch, and is reproducible on that env.
It can't be reproduced (solved?) on 3.3.

Are we going to solve it for the next (if any) 3.2.z version ? or close it for 3.3 ?
Comment 9 Barak 2013-10-17 11:23:01 EDT
Per comment #8, moving to CLOSED WORKSFORME
