Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20800

Access propogation errors causing issue with SAML login.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.12.2, 6.16.0, 6.16.1
    • Fix Version/s: None
    • Component/s: Access Server, HA, SAML SSO
    • Labels:
      None

      Description

      While performing the rolling restart of HA clusters, Intermittently observing SAML login issues on the nodes which is not restarting. Below are the steps which were performed to reproduce the customer's issue.

      Method 1:

      Step 1: Set up 1 primary and 4 secondary nodes and configured SAML to the HA cluster

      Step 2: Performed a rolling restart and while a node is restarting, I did not remove the particular node from the load balancer.

      Step 3: Tried to log in to Artifactory as a first-time SAML user using the load balancer url. This means the user which I am using to log in is not part of the existing Artifctory users. As a first-time SAML user, it should redirect to the SAML login and get authenticated.

      Step 4: Here I observed that when I performed the above steps, node 2 was restarting and got the below error in node 3 and also I did not remove the node 2 from the load balancer.

      Error Snippet:

      2019-12-05 03:44:37,399 [http-nio-8081-exec-9] [INFO ] (o.j.c.w.ConfigurationManagerImpl:322) - [Node ID: art2] detected remote modify for config 'artifactory.security.access/access.admin.token'

      2019-12-05 03:51:06,653 [http-nio-8081-exec-6] [INFO ] (o.j.c.w.ConfigurationManagerImpl:322) - [Node ID: art2] detected remote modify for config 'artifactory.security.access/access.admin.token'

      2019-12-05 03:52:08,629 [http-nio-8081-exec-4] [ERROR] (o.a.u.r.s.a.s.s.GetSamlLoginResponseService:55) - Error occurred while trying to login using SAML: HTTP response status 500:Failed on executing /api/v1/users/, with response: {

        "errors" : [

      {     "code" : "INTERNAL_SERVER_ERROR",     "message" : "Could not propagate changes to another access server ServerImpl(id=03536f0b-19c9-4bb8-a907-ee6c856736c5, created=1573728842876, modified=1575517850724, uniqueName=5df34fbe-60a3-4179-a8bf-6688269bcfde, version=4.9.1, privateKeyFingerprint=e59923c0b9cdbddc086995ac20dccb9353c8bd6b5ea432b15ccc25c3abcfed36, privateKeyLastModified=1575517850718, lastHeartbeat=1575517892401, baseUrl=[http://10.0.0.82:8081/access|http://10.0.1.82:8081/access], grpcInfo=10.0.0.82:8045)"   }

      ]

      }

       

      Method 2:

      Step 1: Set up 1 primary and 4 secondary nodes and configured SAML to the HA cluster

      Step 2: Performed a rolling restart and while a node is restarting, I removed the particular node from the load balancer.

      Step 3: Tried to log in to Artifactory with SAML user using the load balancer url and the user name exists in Artifactory. 

      Step 4: Still I am observing the above-stated error snippet.

       

      Observation:

      It failed because it was trying to propagate changes to another access server which was being restarted at the time. The problem here is Artifactioy is still considering the node which is restarting as an active node but the node already been removed from the load balancer. Please confirm this behaviour whether it is an issue.

      I raised a Jira after having a working session with Aviv Blonder.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vigneshs Vignesh S
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: