Uploaded image for project: 'aaa'
  1. aaa
  2. AAA-101

token authentication fails intermittently

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • None
    • None
    • General
    • None

    • Operating System: All
      Platform: All

    • 5838

      aaa authn csit jobs see sporadic failures in test cases using token
      authentication. The recently (within 1s) retrieved token does not
      authenticate and the test REST call returns 401 and the test case
      fails.

      one job here:
      https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-only-boron/

      running the same suites locally produces the same failures. While
      reproducing, I used TRACE logging on org.opendaylight.aaa and saw
      these messages just after the failed token authentication happened:

      2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | TokenAuthRealm | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth
      2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | get domain
      2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table DOMAINS already exists
      2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | DomainStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep257: SELECT * FROM DOMAINS WHERE domainid = ?

      {1: 'sdn'}

      2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | check user / pwd
      2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | getUsers for: � in domain sdn
      2016-05-04 00:00:21,942 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table USERS already exists
      2016-05-04 00:00:21,943 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep259: SELECT * FROM USERS WHERE userid = ?

      {1: STRINGDECODE('\u 00ef\u00bf\u00bd@sdn')}

      2016-05-04 00:00:21,945 | DEBUG | tp555984556-1669 | AuthenticationListener | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Unsuccessful authentication attempt by � from <snip>

      I checked against Beryllium SR1, Lithium SR2 and the current Beryllium SR2 candidate. I ran
      the robot suite 40 times each and the results:

      BeSR2 - 8 failures
      BeSR1 - 11 failures
      LiSR2 - 0 failures

      email thread discussing this issue is here:

      https://lists.opendaylight.org/pipermail/integration-dev/2016-May/006612.html

            zhengjingwen zhengj ingwen
            jluhrsen Jamo Luhrsen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: