Closed
Bug 827947
Opened 12 years ago
Closed 11 years ago
Yahoo BigTent cannot reach OpenID endpoints
Categories
(Cloud Services :: Operations: Miscellaneous, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ozten, Assigned: gene)
Details
Looking at http://gene.pastebin.mozilla.org/2045689 It seems, the problem is that our code cannot do OpenID discovery. Do we have restrictions on Outbound connections? Have we opened up the Yahoo relevant urls documented in: https://github.com/mozilla/browserid-bigtent/issues/23 Stepping through the code, these are the outbound connections that are failing on my local deployment http://pastebin.mozilla.org/2045799
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → gene
|
|
Assignee | |
Comment 1•12 years ago
|
||
I've confirmed that this communication isn't being allowed by squid in stage :
echo "import httplib
conn = httplib.HTTPConnection('idproxy.idweb', 8888)
conn.request('GET', 'http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds')
req = conn.getresponse()
print req.status, req.reason
for h in req.getheaders():
print h
print req.read()" | python
I'm looking into the cause.Status: NEW → ASSIGNED
network access is firewalled both ways. You will need to open a netops ticket for access.
|
|
Assignee | |
Comment 3•12 years ago
|
||
There was a 2 letter typo in the squid config, I've fixed and am deploying now.
|
|
Assignee | |
Comment 4•12 years ago
|
||
Here's the typo if you're curious : -acl bigtent_yahoo1 url_regex ^http://open.loginid.yahooapis.com/openid20/www.yahoo.com/xrds$ +acl bigtent_yahoo1 url_regex ^http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds$
|
|
Assignee | |
Comment 5•12 years ago
|
||
Yup, that fixed it. ckolos : this connectivity is already enabled for the squid proxies which the bigtent servers use to talk to the outside world.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
Reporter | |
Comment 6•12 years ago
|
||
Try this and note a) It takes a long time b) It's a 500
curl -v https://yahoo.login.anosrep.org/proxy/eozten%40yahoo.com
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>Service Unavailable</title>
<style type="text/css">
body, p, h1 {
font-family: Verdana, Arial, Helvetica, sans-serif;
}
h2 {
font-family: Arial, Helvetica, sans-serif;
color: #b10b29;
}
</style>
</head>
<body>
<h2>Service Unavailable</h2>
<p>The service is temporarily unavailable. Please try again later.</p>
</body>
</html>|
|
Reporter | |
Comment 7•11 years ago
|
||
Added support for http_proxy, just like BrowserID server. Please read the section "HTTP Proxy Config" in https://github.com/mozilla/browserid-bigtent/blob/train-2013.01.17/docs/OPS_NOTES.md Fixed in https://github.com/mozilla/browserid-bigtent/issues/109 Ready for re-deploy: SHA: d9a1850f07069732c0a670473e722f728f1456ed Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 8•11 years ago
|
||
I've deployed browserid-bigtent-0.2013.01.17-4.el6_112050.x86_64 and made config changes
|
|
Reporter | |
Comment 9•11 years ago
|
||
Updated node-openid Ready for re-deploy: SHA: 58745a200c6e0ea626c4c0c60f8df72c5742b42c Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
|
|
Reporter | |
Comment 10•11 years ago
|
||
SHA: 781d11490cabaaeb7c612569d5008fcb2324a5e5 for Rev 5
|
|
Assignee | |
Comment 11•11 years ago
|
||
781d11490cabaaeb7c612569d5008fcb2324a5e5 built as browserid-bigtent-0.2013.01.17-5.el6_112050.x86_64 and deployed to stage. This comment was supposed to go in back on 1-10.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•