Bug 1576574 - Successful web console login redirects back to login page
Summary: Successful web console login redirects back to login page
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.7.z
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-09 19:49 UTC by Robert Bost
Modified: 2018-05-11 18:09 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-11 17:05:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3441131 0 None None None 2018-05-11 18:09:49 UTC

Description Robert Bost 2018-05-09 19:49:53 UTC
Description of problem:

Customer experiencing issue with logging into web console:

- Navigate to web console. Login form is displayed.
- User submits login form. POST request to /login.
- Redirected to /oauth/authorize

/oauth/authorize?client_id=openshift-web-console&response_type=code&state=eyJ0aGVuIjoiLyIsIm5vbmNlIj
oiMTUyNTg4MDI0NjcyMS0xNjUzODQ1NTEwMzM4NTQzNjgzMzMzNDM2OTU5MDA0MDQyNTAzNjY1MTY5MTQxMTQ2OTIyMzQyNDU2OTUxMTE2NzA5NzE1MTA0NjU3OTczNyJ9
&redirect_uri=https%3A%2F%2Fopenshift-master.example.com%2Fconsole%2Foauth

** Should redirect to /console/oauth which displays the actual console page where user wants to be.
- However, the /oauth/authorize response redirects to /login again, hence why you see the login page. 
- Here is the 302 response's Location header from /oauth/authorize:

/login?then=%2Foauth%2Fauthorize%3Fclient_id%3Dopenshift-web-console%26response_type%3Dcode%26state%3DeyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTg4MDI0NjcyMS0xNjUzODQ1NTEwMzM4NTQzNjgzMzMzNDM2OTU5MDA0MDQyNTAzNjY1MTY5MTQxMTQ2OTIyMzQyNDU2OTUxMTE2NzA5NzE1MTA0NjU3OTczNyJ9%26redirect_uri%3Dhttps%253A%252F%252Fopenshift-master.example.com%252Fconsole%252Foauth"


Version-Release number of selected component (if applicable): atomic-openshift-3.7.44-1.git.0.6b061d4.el7.x86_64 

How reproducible: 
Issue is intermittent for customer which leads me to believe master-configs are not consistent. Attaching for the record. 


Steps to Reproduce:
1. Unable to reproduce locally.

Actual results:
Redirected back to /login page


Expected results:
Redirect to /console showing projects, etc.

Comment 2 Yadan Pei 2018-05-10 07:08:07 UTC
Setup a v3.7.44 cluster with 3 masters, 4 nodes and 1 LB on AWS.

1. Access LB URL address
redirect to https://<elb>/login?then=%2Foauth%2Fauthorize%3Fclient_id%3Dopenshift-web-console%26response_type%3Dcode%26state%3DeyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTkzNTAwNDg2Ni0xOTIwMDI1ODc3MjIxNDc4ODU4MDM3NTY2MzgzNzcxMDU5NDY1MTQ1MjU5NjgyMjUwOTE3OTIxNDU2MzU4MjA2OTAzOTY5MzI2MzQzMDUifQ%26redirect_uri%3Dhttps%253A%252F%252F<elb>%252Fconsole%252Foauth
2. Set username and password
goto 
https://<elb>/console/oauth?code=MQaUZZWSnmB3EKgBGPymEtgdIkyEn0bZ99eW2_Ad0AY&state=eyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTkzNTAwNDg2Ni0xOTIwMDI1ODc3MjIxNDc4ODU4MDM3NTY2MzgzNzcxMDU5NDY1MTQ1MjU5NjgyMjUwOTE3OTIxNDU2MzU4MjA2OTAzOTY5MzI2MzQzMDUifQ and authorize code returned
3. Login successfully and didn't redirect to login page again

didn't reproduce the issue locally too.

Comment 4 Robert Bost 2018-05-11 17:05:13 UTC
Issue appears to have been due to mismatching /etc/origin/master/session-secrets.yaml on one of the maters.


Note You need to log in before you can comment on or make changes to this bug.