Yahoo BigTent cannot reach OpenID endpoints

RESOLVED FIXED

Status

RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: ozten, Assigned: gene)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
Looking at http://gene.pastebin.mozilla.org/2045689

It seems, the problem is that our code cannot do OpenID discovery.

Do we have restrictions on Outbound connections? Have we opened up the Yahoo relevant urls documented in:
https://github.com/mozilla/browserid-bigtent/issues/23

Stepping through the code, these are the outbound connections that are failing on my local deployment
http://pastebin.mozilla.org/2045799
(Assignee)

Updated

6 years ago
Assignee: nobody → gene
(Assignee)

Comment 1

6 years ago
I've confirmed that this communication isn't being allowed by squid in stage :

echo "import httplib
conn = httplib.HTTPConnection('idproxy.idweb', 8888)
conn.request('GET', 'http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds')
req = conn.getresponse()
print req.status, req.reason
for h in req.getheaders():
 print h
print req.read()" | python


I'm looking into the cause.
Status: NEW → ASSIGNED
network access is firewalled both ways. You will need to open a netops ticket for access.
(Assignee)

Comment 3

6 years ago
There was a 2 letter typo in the squid config, I've fixed and am deploying now.
(Assignee)

Comment 4

6 years ago
Here's the typo if you're curious : 

-acl bigtent_yahoo1 url_regex ^http://open.loginid.yahooapis.com/openid20/www.yahoo.com/xrds$
+acl bigtent_yahoo1 url_regex ^http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds$
(Assignee)

Comment 5

6 years ago
Yup, that fixed it.

ckolos : this connectivity is already enabled for the squid proxies which the bigtent servers use to talk to the outside world.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Reporter)

Comment 6

6 years ago
Try this and note a) It takes a long time b) It's a 500

    curl -v  https://yahoo.login.anosrep.org/proxy/eozten%40yahoo.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>Service Unavailable</title>
<style type="text/css">
body, p, h1 {
  font-family: Verdana, Arial, Helvetica, sans-serif;
}
h2 {
  font-family: Arial, Helvetica, sans-serif;
  color: #b10b29;
}
</style>
</head>
<body>
<h2>Service Unavailable</h2>
<p>The service is temporarily unavailable. Please try again later.</p>
</body>
</html>
(Reporter)

Comment 7

6 years ago
Added support for http_proxy, just like BrowserID server.

Please read the section "HTTP Proxy Config" in 
https://github.com/mozilla/browserid-bigtent/blob/train-2013.01.17/docs/OPS_NOTES.md


Fixed in https://github.com/mozilla/browserid-bigtent/issues/109

Ready for re-deploy:
SHA: d9a1850f07069732c0a670473e722f728f1456ed
Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 8

6 years ago
I've deployed browserid-bigtent-0.2013.01.17-4.el6_112050.x86_64 and made config changes
(Reporter)

Comment 9

6 years ago
Updated node-openid

Ready for re-deploy:

SHA: 58745a200c6e0ea626c4c0c60f8df72c5742b42c
Tree: https://github.com/mozilla/browserid-bigtent/tree/train-2013.01.17
(Reporter)

Comment 10

6 years ago
SHA: 781d11490cabaaeb7c612569d5008fcb2324a5e5

for Rev 5
(Assignee)

Comment 11

6 years ago
781d11490cabaaeb7c612569d5008fcb2324a5e5 built as browserid-bigtent-0.2013.01.17-5.el6_112050.x86_64 and deployed to stage.

This comment was supposed to go in back on 1-10.
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.