Closed Bug 827947 Opened 12 years ago Closed 12 years ago

Yahoo BigTent cannot reach OpenID endpoints

Categories

(Cloud Services :: Operations: Miscellaneous, task)

x86_64
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ozten, Assigned: gene)

Details

Looking at http://gene.pastebin.mozilla.org/2045689 It seems, the problem is that our code cannot do OpenID discovery. Do we have restrictions on Outbound connections? Have we opened up the Yahoo relevant urls documented in: https://github.com/mozilla/browserid-bigtent/issues/23 Stepping through the code, these are the outbound connections that are failing on my local deployment http://pastebin.mozilla.org/2045799
Assignee: nobody → gene
I've confirmed that this communication isn't being allowed by squid in stage : echo "import httplib conn = httplib.HTTPConnection('idproxy.idweb', 8888) conn.request('GET', 'http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds') req = conn.getresponse() print req.status, req.reason for h in req.getheaders(): print h print req.read()" | python I'm looking into the cause.
Status: NEW → ASSIGNED
network access is firewalled both ways. You will need to open a netops ticket for access.
There was a 2 letter typo in the squid config, I've fixed and am deploying now.
Here's the typo if you're curious : -acl bigtent_yahoo1 url_regex ^http://open.loginid.yahooapis.com/openid20/www.yahoo.com/xrds$ +acl bigtent_yahoo1 url_regex ^http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds$
Yup, that fixed it. ckolos : this connectivity is already enabled for the squid proxies which the bigtent servers use to talk to the outside world.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Try this and note a) It takes a long time b) It's a 500 curl -v https://yahoo.login.anosrep.org/proxy/eozten%40yahoo.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> <title>Service Unavailable</title> <style type="text/css"> body, p, h1 { font-family: Verdana, Arial, Helvetica, sans-serif; } h2 { font-family: Arial, Helvetica, sans-serif; color: #b10b29; } </style> </head> <body> <h2>Service Unavailable</h2> <p>The service is temporarily unavailable. Please try again later.</p> </body> </html>
Added support for http_proxy, just like BrowserID server. Please read the section "HTTP Proxy Config" in https://github.com/mozilla/browserid-bigtent/blob/train-2013.01.17/docs/OPS_NOTES.md Fixed in https://github.com/mozilla/browserid-bigtent/issues/109 Ready for re-deploy: SHA: d9a1850f07069732c0a670473e722f728f1456ed Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I've deployed browserid-bigtent-0.2013.01.17-4.el6_112050.x86_64 and made config changes
Updated node-openid Ready for re-deploy: SHA: 58745a200c6e0ea626c4c0c60f8df72c5742b42c Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
SHA: 781d11490cabaaeb7c612569d5008fcb2324a5e5 for Rev 5
781d11490cabaaeb7c612569d5008fcb2324a5e5 built as browserid-bigtent-0.2013.01.17-5.el6_112050.x86_64 and deployed to stage. This comment was supposed to go in back on 1-10.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.