Description of problem: Customer experiencing issue with logging into web console: - Navigate to web console. Login form is displayed. - User submits login form. POST request to /login. - Redirected to /oauth/authorize /oauth/authorize?client_id=openshift-web-console&response_type=code&state=eyJ0aGVuIjoiLyIsIm5vbmNlIj oiMTUyNTg4MDI0NjcyMS0xNjUzODQ1NTEwMzM4NTQzNjgzMzMzNDM2OTU5MDA0MDQyNTAzNjY1MTY5MTQxMTQ2OTIyMzQyNDU2OTUxMTE2NzA5NzE1MTA0NjU3OTczNyJ9 &redirect_uri=https%3A%2F%2Fopenshift-master.example.com%2Fconsole%2Foauth ** Should redirect to /console/oauth which displays the actual console page where user wants to be. - However, the /oauth/authorize response redirects to /login again, hence why you see the login page. - Here is the 302 response's Location header from /oauth/authorize: /login?then=%2Foauth%2Fauthorize%3Fclient_id%3Dopenshift-web-console%26response_type%3Dcode%26state%3DeyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTg4MDI0NjcyMS0xNjUzODQ1NTEwMzM4NTQzNjgzMzMzNDM2OTU5MDA0MDQyNTAzNjY1MTY5MTQxMTQ2OTIyMzQyNDU2OTUxMTE2NzA5NzE1MTA0NjU3OTczNyJ9%26redirect_uri%3Dhttps%253A%252F%252Fopenshift-master.example.com%252Fconsole%252Foauth" Version-Release number of selected component (if applicable): atomic-openshift-3.7.44-1.git.0.6b061d4.el7.x86_64 How reproducible: Issue is intermittent for customer which leads me to believe master-configs are not consistent. Attaching for the record. Steps to Reproduce: 1. Unable to reproduce locally. Actual results: Redirected back to /login page Expected results: Redirect to /console showing projects, etc.
Setup a v3.7.44 cluster with 3 masters, 4 nodes and 1 LB on AWS. 1. Access LB URL address redirect to https://<elb>/login?then=%2Foauth%2Fauthorize%3Fclient_id%3Dopenshift-web-console%26response_type%3Dcode%26state%3DeyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTkzNTAwNDg2Ni0xOTIwMDI1ODc3MjIxNDc4ODU4MDM3NTY2MzgzNzcxMDU5NDY1MTQ1MjU5NjgyMjUwOTE3OTIxNDU2MzU4MjA2OTAzOTY5MzI2MzQzMDUifQ%26redirect_uri%3Dhttps%253A%252F%252F<elb>%252Fconsole%252Foauth 2. Set username and password goto https://<elb>/console/oauth?code=MQaUZZWSnmB3EKgBGPymEtgdIkyEn0bZ99eW2_Ad0AY&state=eyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyNTkzNTAwNDg2Ni0xOTIwMDI1ODc3MjIxNDc4ODU4MDM3NTY2MzgzNzcxMDU5NDY1MTQ1MjU5NjgyMjUwOTE3OTIxNDU2MzU4MjA2OTAzOTY5MzI2MzQzMDUifQ and authorize code returned 3. Login successfully and didn't redirect to login page again didn't reproduce the issue locally too.
Issue appears to have been due to mismatching /etc/origin/master/session-secrets.yaml on one of the maters.