https://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842023-03-06T14:17:03ZopenSUSE Project Management ToolopenQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6094252023-03-06T14:17:03Zjbaier_czjbaier@suse.cz
<ul></ul><p>That looks like an error from Net::OpenID::Consumer</p>
openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6113332023-03-09T10:32:47Zmkittlermarius.kittler@suse.com
<ul><li><strong>Subject</strong> changed from <i>[o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response.</i> to <i>[o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:M</i></li><li><strong>Description</strong> updated (<a title="View differences" href="/journals/611333/diff?detail_id=574025">diff</a>)</li><li><strong>Status</strong> changed from <i>New</i> to <i>Workable</i></li></ul> openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6127732023-03-13T15:14:41Zmkittlermarius.kittler@suse.com
<ul><li><strong>Assignee</strong> set to <i>mkittler</i></li></ul> openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6127762023-03-13T15:17:12Zmkittlermarius.kittler@suse.com
<ul><li><strong>Status</strong> changed from <i>Workable</i> to <i>In Progress</i></li></ul><p>It comes from <code>Net::OpenID::Consumer</code>, indeed:</p>
<pre><code>=item C<naive_verify_failed_return>
(V) An attempt to confirm a positive assertion via direct contact (check_authentication) received an explicitly negative response (C<openid.is_valid = FALSE>).
</code></pre> openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6128302023-03-13T16:19:29Zmkittlermarius.kittler@suse.com
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul><p>We're explicitly logging this error from the provider's error callback. We're also showing it the user in form of a flash message.</p>
<p>I've tried to provoke this locally but couldn't reproduce it playing around with our OpenID provider (e.g. clicking on the "Reject" button or entering false credentials didn't trigger the problem). According to the specification the error means that the signature of the verification request is <em>not</em> valid. I suspect there was something wrong on the remote side. Especially since it is working again, there's likely nothing to be fixed on our side.</p>
<p>For now I've created <a href="https://github.com/os-autoinst/openQA/pull/5034" class="external">https://github.com/os-autoinst/openQA/pull/5034</a> for better context of the error message.</p>
<p>I guess we should decide whether we want to be alerted about this problem in the future. This time the alert wasn't really actionable (besides a slight improvement of the error message). I don't think it'll be actionable next time as well. So it would likely be best to ignore it in our alerting. We could either just ignore <code>naive_verify_failed_return</code> specifically or (when the PR has been merged) all OpenID-related errors. To be on the safe side, I'd created <a href="https://github.com/os-autoinst/openqa-logwarn/pull/44" class="external">https://github.com/os-autoinst/openqa-logwarn/pull/44</a> to ignore only the specific error for now.</p>
openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6132352023-03-14T11:52:56Zmkittlermarius.kittler@suse.com
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Both PRs have been merged so I'm considering this resolved.</p>
openQA Project - action #125459: [o3-logwarn] error naive_verify_failed_return: Direct contact invalidated ID provider response. size:Mhttps://progress.opensuse.org/issues/125459?journal_id=6138952023-03-15T13:40:16Zokurzokurz@suse.com
<ul></ul><p>For such cases I suggest to use the "warn" loglevel and not "error". Just excluding from logwarn makes the issue not visible "for us" but not for other users of openQA.</p>