I've recently moved an application from:
TG 2.3.2
Python 2.6.6
Apache 2.4.4 with the event MPM
to:
TG 2.4.2
Python 3.7.6
Apache 2.4.34 with the prefork MPM
Seemingly at random, people can't log in. The problem seems unrelated to who is trying to log in. For example, one person could, and then later could not. Unfortunately I always can, making it harder to troubleshoot.
Both versions of the application authenticate against LDAP. Here's is the auth section of app_cfg.py for the new version:
base_config.update_blueprint({
'auth_backend': 'authmetadata',
'sa_auth.cookie_secret': "xxxxx",
'sa_auth.authmetadata': ApplicationAuthMetadata(model.DBSession, model.User),
'sa_auth.post_login_url': '/post_login',
'sa_auth.post_logout_url': '/post_logout',
'identity.allow_missing_user': True,
'sa_auth.form_plugin': None,
'sa_auth.authenticators': [('myauth', ldapauth.LDAPAuthenticatorPlugin())],
'sa_auth.mdproviders': [('myprovider', ldapauth.LDAPMDProvider())],
})
Here is an except from the Apache logs from a user logging in only one time. It seems to be running the code multiple times, with some attempts working, and some failing:
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960>: {'timestamp': 1580833320, 'repoze.who.plugins.auth_tkt.userid': 'mcahn', 'tokens': [''], 'userdata': {}}
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] no identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960> (None)
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] no identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960> (None)
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] no identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960> (None)
[auth] identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016>: {'login': 'mcahn', 'password': 'xxxxxxxxx', 'max_age': None}
[auth] no identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960> (None)
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960>: {'timestamp': 1580834310, 'repoze.who.plugins.auth_tkt.userid': 'mcahn', 'tokens': [''], 'userdata': {}}
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960>: {'timestamp': 1580834310, 'repoze.who.plugins.auth_tkt.userid': 'mcahn', 'tokens': [''], 'userdata': {}}
[auth] no identity returned from <FastFormPlugin:/login_handler xxxxxxxxxxx2016> (None)
[auth] identity returned from <AuthTktCookiePlugin xxxxxxxxxxxx1960>: {'timestamp': 1580834310, 'repoze.who.plugins.auth_tkt.userid': 'mcahn', 'tokens': [''], 'userdata': {}}
Any advice on where how I might troubleshoot this would be much appreciated. I wonder if the change of which Apache MPM I'm using has anything to do with this problem. I also have the (vague) understanding that the way I'm doing the authentication is deprecated in TG 2.4.
Thanks in advance,
Matthew Cahn