-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Cannot log in anymore after upgrade to v1.50.x #2736
Comments
Hi @alfa-alex, Thanks, |
I have the same issue. I have debug turned on for the application but nothing shows in the logs. I also upgraded to 1.50.1 and now the login just recycles with no errors |
@PostImpatica can you please provide as much detail as you can to help us debug this?
And as Andy added, if you can share a kickstart file on how you set up FusionAuth, that's super helpful. |
Locally on my own computer I got our flagship application working with your latest bundled docker fusionauth at the time running 1.48.3
Now that I have everything working locally, it was time to get this same docker environment working in Azure so I setup an Ubuntu 20.04 server VM and installed docker on it, then I deployed your latest docker bundle for fusionauth using these commands
curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/docker-compose.yml > docker-compose.yml && \
curl -fsSL https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/.env > .env && \
docker compose up -d
What is strage is that I get the login provided by fusionauth and I try to login but the same screen comes back up and even though I have debug set to enabled for the application I'm trying to login to, nothing shows in the events log. I've noticed that the "Login Records" does show my user apparently logging in successfully, or at least I assume those logs mean "success" because they don't say.
Sorry, I never used kickstart
…________________________________
From: Dan Moore ***@***.***>
Sent: Tuesday, May 21, 2024 1:46 PM
To: FusionAuth/fusionauth-issues ***@***.***>
Cc: Clay Brinlee ***@***.***>; Mention ***@***.***>
Subject: Re: [FusionAuth/fusionauth-issues] [Bug]: Cannot log in anymore after upgrade to v1.50.x (Issue #2736)
@PostImpatica<https://github.com/PostImpatica> can you please provide as much detail as you can to help us debug this?
* what version you were moving from
* what db you use
* which application you are trying to log in to
* how you are hosting
* anything else you can think of
And as Andy added, if you can share a kickstart file on how you set up FusionAuth, that's super helpful.
—
Reply to this email directly, view it on GitHub<#2736 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABZIYJXGZOR4DVWT5LHRDS3ZDOJAVAVCNFSM6AAAAABHJKTHJCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRTGIZTQMRWGE>.
You are receiving this because you were mentioned.
|
Hey folks, one question. What is the value of the SSO session length (under Tenants -> OAuth)? |
I got with support and they fixed it by having me change the sessiontimeout to 30 (it was zero) in the tenant config. Sorry for the cross post.
…________________________________
From: Dan Moore ***@***.***>
Sent: Wednesday, May 22, 2024 12:26 PM
To: FusionAuth/fusionauth-issues ***@***.***>
Cc: Clay Brinlee ***@***.***>; Mention ***@***.***>
Subject: Re: [FusionAuth/fusionauth-issues] [Bug]: Cannot log in anymore after upgrade to v1.50.x (Issue #2736)
Hey folks, one question. What is the value of the SSO session length (under Tenants -> OAuth)?
—
Reply to this email directly, view it on GitHub<#2736 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABZIYJV6RZXU7HNRONJEMMLZDTINXAVCNFSM6AAAAABHJKTHJCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRVGM4DAMBYGA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
* document that you should not set this parameter to zero FusionAuth/fusionauth-issues#2736 * more nuance, please * updating with correct examples
Thanks @PostImpatica . We've just merged a fix warning folks about setting session timeout too low: FusionAuth/fusionauth-site#3083 We're discussing other ways to mitigate this as well. |
Mine is 3600 seconds. |
What happened?
After upgrading to
v1.50.x
(tried with bothv1.50.0
andv1.50.1
), I cannot log in to FusionAuth anymore. After login, I'm getting presented the login screen again (and no errors shown).More specifically, when I log in via the login UI (no SSO), the POST request to the
authorize
endpoint redirects me to theconsent
endpoint, which redirects me to theauthorize
endpoint that returns a status200
and the login form again.Logins via SSO fail in a similar manner (i.e., I end up in the login screen without any error being shown).
The logs also don't contain any related / helpful message.
Versions up to
v1.49.2
worked without problems.I have a test environment that simply boots a FusionAuth instance against a postgres (all in docker) initiated from a simple
kickstart.json
and even there I can reproduce the problem. I wonder why no one else seems to have run into this yet. 🤔Workaround
This is due to setting the tenant level SSO session timeout too low. If minimizing this value, you must set it high enough to allow users to complete a login workflow. This is application and context dependent. For example, submitting a required registration field or verifying an email address take longer than a typical username and password login.
Do not set this to
0
, as that will definitely trigger this bug.Version
1.50.1
Affects Versions
>= 1.50.0
The text was updated successfully, but these errors were encountered: