Monday 2012-12-10 while rolling out train-2012.11.23 to production there was an issue with login to bugzilla with persona for ~5 minutes. We rolled back immediately. The error returned (to me) said 'Invalid Username Or Password'. I saved off the failing POST data to b.m.o, and check-assertion says it appears valid. I chatted with Byron Jones (glob) on #bmo. They just use the standard /verify service (code here http://bzr.mozilla.org/bmo/4.0/annotate/head:/extensions/BrowserID/lib/Login.pm#L63) I'm thinking that the bugzilla code is not happy with the verifier change, but I'll know better when I can get ahold of some additional log info from production.
From some log information, there were 8 (5 bugzilla) failed logins in that time window, of which 5, possibly 6 were my failures. There were two other RP's affected. I'm seeing an error on 'port mismatch'.
jrgm theorized that this was a string/int comparison error (http://irclog.gr/#show/irc.mozilla.org/identity/187967) git bisecting confirms that he is correct, and that the problem is in this commit: https://github.com/mozilla/browserid/commit/d494afbbce176697998f3b39764200d8732ad256#L28L77 I have a fix locally; I am adding test cases and will submit a PR asap.
From production, we chirped the below, here: https://github.com/mozilla/browserid/blob/dev/lib/verifier/certassertion.js#L127 "verification failure, audience mismatch: 'https://bugzilla.mozilla.org' != 'https://bugzilla.mozilla.org:443': port mismatch"
Good call, matches your hypothesis.
:ozten merged https://github.com/mozilla/browserid/pull/2855 - hopefully this fixes the problem
This is fixed, no?
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.