concourse: Cannot login to Concourse Web using Firefox

Bug Report

When using Firefox, a login is not possible since the cookie cannot be set.

Steps to Reproduce

  1. Deploy Concourse v4.2.3 (HTTPS enabled)
  2. Use Firefox 65.0.2 to access the Concourse WEB UI
  3. Login to concourse (tested with a local user and LDAP user)

(please include any pipelines/tasks using https://gist.github.com)

Expected Results

I expect to be successfully logged into concourse

Actual Results

After entering the username/password and submitting this page, a blank page is shown.

Additional Context

Logs in atc show that the login is successful. However, the error says that a cookie cannot be set.

/var/vcap/sys/log/atc/atc.stdout.log:

{"timestamp":"1551778162.090207577","source":"atc","message":"atc.dex.event","log_level":1,"data":{"fields":{},"message":"garbage collection run, delete auth requests=1, auth codes=0","session":"5"}}
{"timestamp":"1551781379.318979025","source":"atc","message":"atc.dex.event","log_level":1,"data":{"fields":{"connector":"LDAP"},"message":"performing ldap search DC=<....>","session":"5"}}
{"timestamp":"1551781379.320216894","source":"atc","message":"atc.dex.event","log_level":1,"data":{"fields":{"connector":"LDAP"},"message":"username \"<username>\" mapped to entry CN=<....>","session":"5"}}
{"timestamp":"1551781379.324945211","source":"atc","message":"atc.dex.event","log_level":1,"data":{"fields":{},"message":"login successful: connector \"ldap\", username=\"<username>\", email=\"<email>\", groups=[]","session":"5"}}
{"timestamp":"1551781379.332607746","source":"atc","message":"atc.sky.callback.failed-to-fetch-cookie-state","log_level":2,"data":{"error":"http: named cookie not present","session":"4.25"}}

This occurs only using firefox. It works well in chrome. I also checked if cookies are disabled in firefox but didn’t find anything. I explicitly allowed cookies for this domain and tried to turn off all security features that could be related to that.

Version Info

  • Concourse version: 4.2.3
  • Deployment type (BOSH/Docker/binary): BOSH
  • Infrastructure/IaaS: vsphere
  • Browser (if applicable): Firefox 65.0.2 It also works with latest Chrome version 72.0.3626.121
  • Did this used to work? Yes

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 3
  • Comments: 15 (6 by maintainers)

Most upvoted comments

Could be a bug with starting the login flow on the wrong URL - it has to match the external URL. e.g. if your external URL is localhost:8080 but you’re logging in through 127.0.0.1:8080 I think you’ll get that sort of error.

+15
vito on Mar 9, 2019

don’t know it this is relevant. but when i upgraded from 4.x to 5.x i received 400 error when loggin in with fly the login url was https://mydomain.com/sky/login?redirect_uri=http://127.0.0.1:39599/auth/callback but the new 5.x way of loggin in is via https://mydomain.com/login?fly_port=57566

this seem to be related due to the fly versions fly 4.x is the redirect_uri and 5.x uses login?fly_port

you think with a simple fly sync it would solve the problem but as you are on fly 4.x you can’t because if you want to sync you need to login…

the workarround is use the https://mydomain.com/login?fly_port=57566 copy the token and login and sync your fly binary

+2
ramonskie on Jun 13, 2019
Read more comments on GitHub
← concourse: can not login after upgrading to 4
concourse: Certificate Propagation Breaks Alpine OpenJDK Images →