Created attachment 796049 [details] engine log Description of problem: When using the same browser to login to the user portal, the authentication refuse to let any user to login again, due to bad user / password. ovirt-engine has to be restarted. Version-Release number of selected component (if applicable): sf20.1 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
there seem to be a lot of LDAP "connection time out" errors and other errors in the engine log; are you sure that the problem is related to the fact that you have attempted to do these logins from the same browser? i.e. *before* restarting ovirt-engine: did you attempt to login *from a different browser* and it succeeded?
The answer is yes. I using mostly FF in order to login to rhevm. I tried to open different tabs for different users, which didn't work. After many tries, i tried to open a new chrome browser and manged to login at first try. Then having few more tabs (even incognito ones) brought the same results. As for the lots of LDAP errors - it took me a while to realize that it might be engine caching issue which can be resolved by restarting the engine and not LDAP issue since I got bad password and saw these LDAP errors.
(In reply to Barak Dagan from comment #2) > The answer is yes. > I using mostly FF in order to login to rhevm. I tried to open different tabs > for different users, which didn't work. After many tries, i tried to open a > new chrome browser and manged to login at first try. Then having few more > tabs (even incognito ones) brought the same results. > > As for the lots of LDAP errors - it took me a while to realize that it might > be engine caching issue which can be resolved by restarting the engine and > not LDAP issue since I got bad password and saw these LDAP errors. the same session is utilized when working with multiple tabs in any browser (FF, Chrome), i.e. you cannot login with different users from different tabs of the same browser, since the session behind the scenes is the same - this is infrastructural fact that we cannot workaround. can you please supply exact steps to reproduce? they are crucial in order to understand the exact problem. From what I understand, you did the following, however they seem impossible to me: 1) open FF 2) browse to GUI [login page is displayed] 3) fill credentials for user '1', hit "login" button [user '1' login succeeded] 4) open another tab in FF 5) browse to GUI 6) fill credentials for user '2', hit "login" button step (6) is impossible, since after step (3), the user is already logged in for the current FF session; so with every new FF tab and browsing to the GUI, the application main view automatically appears (the login page might be displayed shortly before that, but with all the fields/buttons disabled, and automatic redirection to the main view should occur immediately after that). thanks.
(In reply to Einav Cohen from comment #3) > (In reply to Barak Dagan from comment #2) > > The answer is yes. > > I using mostly FF in order to login to rhevm. I tried to open different tabs > > for different users, which didn't work. After many tries, i tried to open a > > new chrome browser and manged to login at first try. Then having few more > > tabs (even incognito ones) brought the same results. > > > > As for the lots of LDAP errors - it took me a while to realize that it might > > be engine caching issue which can be resolved by restarting the engine and > > not LDAP issue since I got bad password and saw these LDAP errors. > > the same session is utilized when working with multiple tabs in any browser > (FF, Chrome), i.e. you cannot login with different users from different tabs > of the same browser, since the session behind the scenes is the same - this > is infrastructural fact that we cannot workaround. > > can you please supply exact steps to reproduce? they are crucial in order to > understand the exact problem. > From what I understand, you did the following, however they seem impossible > to me: > > 1) open FF > 2) browse to GUI > [login page is displayed] > 3) fill credentials for user '1', hit "login" button > [user '1' login succeeded] > 4) open another tab in FF > 5) browse to GUI > 6) fill credentials for user '2', hit "login" button > > step (6) is impossible, since after step (3), the user is already logged in > for the current FF session; so with every new FF tab and browsing to the > GUI, the application main view automatically appears (the login page might > be displayed shortly before that, but with all the fields/buttons disabled, > and automatic redirection to the main view should occur immediately after > that). > > thanks. Hi Einav, You are right describing the sequence above. It appears to be a little more complicated than that: 1) open FF 2) browse to GUI [login page is displayed] 3) fill credentials for user '1', hit "login" button [user '1' login succeeded] 4) open a few tabs 5) browse to GUI in all new tabs [automatic redirected to main view] 6) logout from all tbas 7) Starting login one by one [first three seems to work - as can be seen in the attached image] 8) logins starts failing [Attached please find engine log]. Hope this helps.
Created attachment 797810 [details] engine log + image
Many thanks for the details, Barak - I appreciate it. There are a couple of surprising parts of your described scenario: - the result of step 7 (three logins of 3 different users that have succeeded). This is strange since all of the GUIs that are opened in the different tabs should actually work on the same session. i.e., when you are logging out of one of them, all tabs are being logged out. when you are logging into one of them, all tabs are actually being logged in. so the result of step 7 should actually be "succeeded in the first login, all following logins failed on 'user is already logged in'" or something similar. - once you start getting failures, the failure seem to be 'wrong user or password', rather than 'user is already logged in'. I suspect that something might be wrong in the session management (the GUI doesn't control it - it simply calls the 'login' backend method with the supplied credentials), so there is a chance that the bug is actually a backend bug.
On current master, I can't reproduce this error. When I try to login from a second user portal tab (already opened), I get an error message stating that the "User is already logged in". Please let me know if you can reproduce with the latest/next build.
This problem was found on 3.2 branch, and is reproducible on that env. It can't be reproducible (solved ?) on 3.3. Are we going to solve it for the next (if any) 3.2.z version ? or close it for 3.3 ?
Per comment #8, moving to CLOSED WORKSFORME