Recent Logins giving me Internal server error and 500 on screen

I am running Leap 15.5 and TW on KDE desktops.
Recent logins on both OSs are giving me a 500 message on the screen after I have entered my username and pw.

If I leave this screen running and open a new tab and log in again this takes me to the forum correctly but I need the second log in to be able to access this forum.

Where am I going wrong please? I only have this problem on this website.

1 Like

This is a known problem and happens to me as well.

There is a thread in the German forum about this.

Nevertheless it might be a good idea to report the problem to admin-at-opensuse-dot-org once more.

1 Like

Like @susejunky I assume that you do NOT mean “login on OS” (the operating system), but login on the openSUSE forums.

When yes, this should have been in “:Forums Feedback”.

Please try to understand the difference of log in as a user in a computer running openSUSE (that is where Install/Boot/Login is for), and log in using a browser into some site on the internet (in this case the openSUSE forums). Those are very, very different.

2 Likes

Hi Henk,
Glad to learn you are still meticulous in your replies but susejunky understood my post and had the information I needed. I had been concerned that I or my setup might have been at fault. I shall now report the problem.

I do always appreciate your replies to my questions and well deserved criticisms, just find it unfortunate that you seldom also come up with the answers.

Often it is completely unclear to me what you want to say (especially when there is no computer output, something I often do understand), but in this case @susejunky was faster.
But I agree that I understood what happened to you mostly from his assumptions rather than from your description.

And yes, I often try to extract more/better information because I see that a problem description is lousy. When then those infos arrive, other people may tune in because they now understand what is going on.
In fact I try to avoid that people simply leave a badly formulated problem alone (not everybody likes it to ask questions again and again that could easily have been delivered in the first description) and go for something else.

2 Likes

@Budgie2 Using a password manager, maybe something caching the previous session? If you create a test user and login and try just using username and password, does that work?

This is happening to several people. It does not happen all of the time, but with me maybe a few times a week. Starting point is always the same. Fresh user login in the GUI, no cookies saved. In my case Firefox. From any page (most often main page, but it may be another one), click “login” (or what the translation is, top right), get the login page, fill in (either manual, or by FF password manager, but what is the difference?), send off. Until this point, everything is normal.

But now one gets a page with huge “500” http error.

Best action is to keep that page as it is and to start a new tab/page with the forums. When then the “login” is clicked, one arrives at the same page, but one is logged in!

Now the original page with the 500 error can be deleted.

The problem is of course that filing such a “sometimes it happens” bug is easily done, but not so easy to reproduce by the maintainer/web master.

BTW, thanks for moving this to the correct section.

@malcolmlewis : I can confirm what @hcvv reports.

The problem started to appear in the early months of 2024 (and there is a thread in the German forum about it).

I use Firefox only but no password manager. All browsers are configured to delete all browser data on exit and in most cases when I visit the forum Firefox gets freshly started (so there should be no cached data at all).

The problem occurs with Firefox on openSUSE Tumbleweed (latest version from the oss-repository) and on Android 14 (latest version from Google Play Store).

I have managed to reproduce this in Firefox on TW - it does seem to happen somewhere in the identity provider authentication flow, rather than in the forums software itself, so we’ll have to have someone on the Heroes team who works with that part of the infrastructure take a look.

I tried it twice in Firefox just now, and was able to see it both times.

Appreciate the report.

1 Like

@hendersj : Thank you very much for looking into this !

It seems to be specific to Firefox - was able to reproduce it reliably with that browser, but not with Chrome (not reliably, in any event - as I wrote that, I tried again, and it happened in Chrome incognito as well). It seems to be outside of the forums proper, but I’ve passed my findings along to the right folks, so hopefully we can get it figured out.

Now that the professionals are on to the case I shall relax a bit but just FYI I have the same problem on Leap 15.5 as well. I tried to make that clear in my original post.
Thanks again for your reply. At least it was not my own fault this time!!!

Here also Leap 15.5
(forgot to mention that)

The good news (ish) is that it seems to be something server-side, and not something to do with the browser or OS.

The bad news (ish) is that it’s going to take some research to figure out what’s going on. I’ve been reviewing the config with someone with access to it, and we can’t see anything that would be causing this, so we’re having to find more expertise to dig further into it.

The better news is that at the point you get the 500 error, you’re authenticated, so just revisiting the forums and clicking “log on” again will get around the issue (as you’ve all observed), because the authentication token has been issued and is in the browser. It’s just sending you to the wrong site (src.opensuse.org) rather than back to the site you initiated the login from. (The 500 error is coming not from the authentication system, but from src.o.o, and is a result of it basically saying “I didn’t ask for an authentication token, why are you giving this to me?”)

But it doesn’t look like it’s going to be a quick fix.

1 Like

Yes, but that only works if you do NOT close the tab/window with the 500 error before you revisit the forums (at least when it is the only window opened in e.g. Firefox), because closing the browser completely will remove the token (cookies) and you are back at being not logged in.

Just to make this 100% clear.

Of course, that’s pretty much what I observed as well during my multiple-hour troubleshooting session yesterday. :)

FWIW, I’ve observed the same authentication behaviour with Safari on my iPhone. I came to realise that I could just open another tab and navigate to the forum page without further issue.

It doesn’t seem to be related to the client, we’ve got some additional debugging turned on to see if we can narrow it down. The challenge is we can’t reproduce it entirely at will, so it’s going to take some time to actually figure this one out.

A little more technical explanation of what we’re seeing.

The authentication flow uses OpenID Connect; when you click “Log On” in the forums, it redirects to the IdP (Identity Provider) at id.opensuse.org - part of what is included in the flow is that the software requesting authentication sends what’s called a “redirect URI” value so the IdP knows where to return to when the authentication has been completed.

The client provides this information to the IdP - the IdP compares it to a list of valid redirect URIs (which can actually include wildcards), but the IdP doesn’t actually know where to return any specific request to.

As part of the processing, there’s a transaction ID that’s used to track information related to the authentication transaction, and that redirect URI is stored in memory and/or in a temporary database table. After you’ve clicked the login button on the login form, the system retrieves the redirect URI from where it stored it, and uses that to tell the browser where to return to.

For some reason (which is what we’re trying to figure out), the value that’s being sent back post-authentication is pointing to src.opensuse.org - a gitea instance. When the browser is sent back to the redirect URI, it’s also provided with a code that the originating application (the “relying party” in OIDC terms) uses to authenticate to the software.

The 500 error is coming up at src.opensuse.org because it never requested an authorization code on behalf of the user. It’s the forums that did, and gitea has no idea what the authorization code that came back is for. (The OIDC flow is actually called an “authorization code” or “code” flow)

In looking at traces of the issue yesterday while I was able to reproduce it, the first time src.opensuse.org comes up in the trace is as part of the reply from the IdP after authentication takes place. The protocol spec says that the client (web browser, in this instance) provides that info, so that’s what’s leading us to think that it’s related to a lookup to retrieve the information that was previously stored from earlier in the transaction.

It seems that the issue is at the IdP; we’ve got a couple of possible ideas as to what it might be, but we need more data (ie, more failures) to see in the logs what’s happened.

The reason that opening another tab (or going back) works is that the IdP has already issued its authorization token, so when you click “Log On” a second time here in the forums, you don’t have to reauthenticate with the IdP, and it just bounces back with the existing token, straight to the redirect URI the browser provided. That second attempt should, therefore, always work (unless you clear cookies, close the browser with cookie clearing turned on in the browser settings, or wait long enough for the lifetime of the token to expire).

Probably more info than anyone wanted about the issue…but that’s what we’re looking into - and why it’s probably going to take some time to resolve. These types of intermittent issues are a real challenge to troubleshoot.
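The correlation the post above calls for, as an added example that is not part of the original thread or of the openSUSE infrastructure: it pairs each authorization request with the IdP's post-login redirect by transaction ID and flags any response sent to a different redirect URI than the one the client requested. The log schema, transaction IDs, code/state values and `/callback` paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample events in a hypothetical JSON-lines schema
# (not the real IdP's log format).
SAMPLE_LOG = """\
{"txn": "t-100", "event": "authz_request", "client_id": "forums", "redirect_uri": "https://forums.opensuse.org/callback"}
{"txn": "t-100", "event": "authz_response", "location": "https://forums.opensuse.org/callback?code=CODE1&state=S1"}
{"txn": "t-101", "event": "authz_request", "client_id": "forums", "redirect_uri": "https://forums.opensuse.org/callback"}
{"txn": "t-101", "event": "authz_response", "location": "https://src.opensuse.org/callback?code=CODE2&state=S2"}
{"txn": "t-102", "event": "authz_response", "location": "https://forums.opensuse.org/callback?code=CODE3&state=S3"}
"""


def endpoint(uri):
    """Reduce a URI to the parts that identify the callback endpoint,
    ignoring the query string (code and state differ on every login)."""
    p = urlsplit(uri)
    return (p.scheme, p.hostname, p.port, p.path)


def find_mismatched_redirects(log_text):
    """Return (txn, requested_host, returned_host, reason) for every
    response whose Location does not match the requested redirect URI."""
    requested = {}   # txn -> redirect_uri supplied in the authorization request
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        txn = ev["txn"]
        if ev["event"] == "authz_request":
            requested[txn] = ev["redirect_uri"]
        elif ev["event"] == "authz_response":
            sent = ev["location"]
            asked = requested.get(txn)
            if asked is None:
                # Response with no recorded request: the stored state was lost
                findings.append((txn, None, urlsplit(sent).hostname,
                                 "no matching request"))
            elif endpoint(asked) != endpoint(sent):
                findings.append((txn, urlsplit(asked).hostname,
                                 urlsplit(sent).hostname, "redirect mismatch"))
    return findings


if __name__ == "__main__":
    for finding in find_mismatched_redirects(SAMPLE_LOG):
        print(finding)
```
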

Dear all,

it was me who started the thread about 500 at forums.o.o in the German section.

My regular settings:

  • openSUSE Leap 15.6
  • Mozilla Firefox, currently 129.0.1 (from openSUSE Mozilla OBS repo — not regular ESR as in standard Leap)
  • some (i.e. quite many) specific settings in about:config (and a few add-ons) — but currently (this time) using a fresh and clean profile and still have had the 500 error(!)

I have experienced this 500 error quite a lot: not every time, but “many” times (no statistics, sorry, just feeling but it’s noticeable).

I already once wrote to admin-at-opensuse-dot-org. The reply was very compact: they know about the problem. It is said to be related to this service. They did not indicate to actually work on this issue soon.

So, I suggest (as @susejunky already did) to write a note to admin-at-opensuse-dot-org again.

What I also have experienced:

  • You can login into forums.o.o by logging in into id.o.o first and then open forums.o.o and click on your account (you don’t have to provide username/password again).
  • Either way (login into forums.o.o directly or by id.o.o) you are actually not really logged out when logging out of forums.o.o. You either have to delete history (cookies/cache) or logout at id.o.o (when you logout at id.o.o you are also logged out of forums.o.o (despite cleaning cookies/cache)).
  • (With my regular Firefox profile all history gets deleted on a clean exit of Firefox. So, when I close Firefox and restart Firefox, then I would be logged out and need to login again.)