-
Bug
-
Resolution: Unresolved
-
None
-
None
-
None
-
Operating System: All
Platform: All
-
5838
aaa authn csit jobs see sporadic failures in test cases using token
authentication. The recently (within 1s) retrieved token does not
authenticate and the test REST call returns 401 and the test case
fails.
one job here:
https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-only-boron/
running the same suites locally produces the same failures. While
reproducing, I used TRACE logging on org.opendaylight.aaa and saw
these messages just after the failed token authentication happened:
2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | TokenAuthRealm | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth
2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | get domain
2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table DOMAINS already exists
2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | DomainStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep257: SELECT * FROM DOMAINS WHERE domainid = ?
2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | check user / pwd
2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | getUsers for: � in domain sdn
2016-05-04 00:00:21,942 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table USERS already exists
2016-05-04 00:00:21,943 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep259: SELECT * FROM USERS WHERE userid = ?
2016-05-04 00:00:21,945 | DEBUG | tp555984556-1669 | AuthenticationListener | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Unsuccessful authentication attempt by � from <snip>
I checked against Beryllium SR1, Lithium SR2 and the current Beryllium SR2 candidate. I ran
the robot suite 40 times each and the results:
BeSR2 - 8 failures
BeSR1 - 11 failures
LiSR2 - 0 failures
email thread discussing this issue is here:
https://lists.opendaylight.org/pipermail/integration-dev/2016-May/006612.html