Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC Timeout and Web UI #910

Closed
russjones opened this issue Apr 7, 2017 · 0 comments
Closed

OIDC Timeout and Web UI #910

russjones opened this issue Apr 7, 2017 · 0 comments
Assignees
@russjones @alex-kovoy
Milestone
2.2

Comments

@russjones
Copy link
Contributor

russjones commented Apr 7, 2017
edited
Loading

Issue

At the moment when you start the OIDC login process you have 60 seconds to complete it:

https://github.com/gravitational/teleport/blob/master/lib/auth/auth.go#L756-L759
https://github.com/gravitational/teleport/blob/master/lib/defaults/defaults.go#L114-L115

If you are not able able authenticate within 60 seconds (as in the callback is not received within 60 seconds), the request (and state token contained within) that is stored on the backend is deleted.

When the callback does arrive, it can no longer find the request (and the state token needed to verify the request is valid), the following is presented to the user in the browser:

{"message":"[web connectors oidc requests]: c94b359a1b1c11e793b7ac87a30d221b not found"}

Proposed Fix

  • We improve the UX for timeout messages. While the JSON message is accurate, it's not helpful in resolving the issue.
  • We make the timeout configurable in the OIDC connector.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@russjones russjones

@alex-kovoy alex-kovoy

Labels
None yet
Projects
None yet
Milestone
2.2
Development

No branches or pull requests
2 participants
@russjones @alex-kovoy