Epic to link all support issues located in Dev projects
(SUP-12)
|
|
| Status: | Closed |
| Project: | mod-login-saml |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None | Parent: | Epic to link all support issues located in Dev projects |
| Type: | Bug | Priority: | P2 |
| Reporter: | Anya | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||
| Issue links: |
|
||||||||||||
| Sprint: | |||||||||||||
| Affected Institution: |
Chalmers
|
||||||||||||
| Epic Link: | Epic to link all support issues located in Dev projects | ||||||||||||
| Description |
|
Steps to reproduce: Expected result: I am redirected to the FOLIO landing page, where I can see my apps ans start working. Actual result: I am redirected to a blank page with only the text ”No valid subject assertion found in response”. Further details: I tested this a few times (in incognito mode). Some of the times the ”No valid subject assertion found in response” message showed up after the Chalmers login page, as stated above, some times just after I had clicked Log in via SSO. Every time I was able to get past the error page and on into FOLIO by refreshing the page one or two times. When I got the error message, I also noted a failed POST request in developer tools. I'll attach an image of that later. In dev tools, I noted that the error message comes from a failed POST request to https://okapi-chalmers.folio.ebsco.com/_/invoke/tenant/fs00001000/saml/callback. Will add more details about that in a comment. See attached screencast for a full walkthrough of the steps. Interested parties: Lisa Sjögren Could be related to : https://folio-org.atlassian.net/browse/MODLOGSAML-28 |
| Comments |
| Comment by Anya [ 03/Aug/20 ] |
|
Anton Emelianov- could we have library priority added to this - and it is high |
| Comment by Anton Emelianov (Inactive) [ 03/Aug/20 ] |
|
Anya, the "Customer Priority" filed has been added to the UX project and I set it to "Important" which is 1 below "Critical". Why are you creating this bug in the UX project? |
| Comment by Anya [ 03/Aug/20 ] |
|
Changed the project to Mod-log-saml |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
I was able to reproduce this on the Chalmers site only. I do not see the issue when using folio-testing/ssocircle for example. At the request of Lisa Sjögren I'm moving part of a conversation here for additional contex and continuing the conversation here.
|
| Comment by Craig McNally [ 04/Aug/20 ] |
Lisa Sjögren where can I get more detail on this? |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
Hearing that, my gut reaction is that FOLIO is unable to verify the message signature, or decrypt the saml assertion. What's confusing to me is that if there was a change that required us to update the keystore in FOLIO, why does it work when you refresh the page after getting this error... I'm beginning to wonder if there's more than just one issue here. |
| Comment by Lisa Sjögren [ 04/Aug/20 ] |
|
Craig McNally This is all the information I have right now, from Lari Kovanen who is currently on vacation (my translation): "FOLIO needs to refetch the metadata from Chalmers SSO since it has changed its certificate. I tried to trigger this by editing the SSO config, which did not solve the problem so we'll need to contact support about this." Another colleague who is now also on vacation told me that the above problem had been resolved, but I don't know how or which support (if any) was contacted about it. |
| Comment by Lisa Sjögren [ 04/Aug/20 ] |
|
Interesting! It's like a Kinder egg of issues. |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
Right, I'm thinking that we need to regenerate the SP metadata on the FOLIO side and then update the IdP with this new metadata. I can only do the first part. I'll need help from someone at Chalmers for the 2nd part |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
Let me try restarting the module... that might be enough, though I kinda doubt it. |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
OK that actually seems to have worked. I can no longer reproduce this problem. I'm still a little concerned that a refresh after the error succeeded. |
| Comment by Anya [ 04/Aug/20 ] |
|
Restart cleared the issue. |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
Lisa Sjögren assigning to you and moving to review status... Please verify this has been resolved. If so we can close it. |
| Comment by Craig McNally [ 04/Aug/20 ] |
|
oh, never mind, I see it's already closed |
| Comment by Lisa Sjögren [ 05/Aug/20 ] |
|
Ok, great! I actually had trouble reproducing it already yesterday (before you restarted the module), figured maybe there was some incognito mode-surpassing browser-level caching going on that sort of let me bypass the problem. (Had only tried Chrome and Firefox, so was going to test it in Edge today – unfortunately the login page didn't load at all in there....:'D ) I'll keep my fingers crossed that the restart did the trick, and ask my colleagues – a lot of whom will be forced to log in anew after vacation – to let us know if the issue reappears. |