Bug 1623315 - - Invalid request Client state could not be verified [NEEDINFO]
Summary: - Invalid request Client state could not be verified
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.9.z
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On: 1589072
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-29 03:04 UTC by Venkata Tadimarri
Modified: 2019-03-14 14:12 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1589072
Environment:
Last Closed: 2019-03-14 14:12:56 UTC
Target Upstream Version:
spadgett: needinfo? (mjahangi)


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-08-29 03:04:14 UTC

Comment 7 Samuel Padgett 2019-03-14 14:12:56 UTC
There are several causes of the "Client state could not be verified" error. The most common is that the login was started from a console URL that is not the public URL. This would happen when the master public URL had an incorrect direct to the console URL. That problem was fixed under

https://github.com/openshift/origin/pull/19194

The other time this can happen is when performing a login concurrently to the same console across different tabs. This behavior was improved in

https://github.com/openshift/origin-web-common/pull/282

There are still some known limitations around concurrent logins, however. See the comment here:

https://bugzilla.redhat.com/show_bug.cgi?id=1537120#c2

Once you complete login in one of the tabs, you won't be able to complete login in the other tabs. We don't plan to change this because it would weaken security. Currently logins have a `nonce` value that cannot be reused. The nonce is destroyed when you complete login in one of the tabs as a security measure. The side effect is that the logins in the other tabs will fail. This is unfortunate, but again not something we can change without reducing security of the login.

If the problem you are seeing is not one of the issues above, please let us know.


Note You need to log in before you can comment on or make changes to this bug.