[shib_auth] Authentication errors under load
Kristof Bajnok
bajnokk at niif.hu
Wed Apr 3 08:20:20 CEST 2013
Hi Nate,
On 04/01/2013 08:50 PM, Nate Klingenstein wrote:
> A site that uses Shibboleth, Drupal, and shib_auth under heavy load is experiencing occasional single authentication failures. The error message is generated by shib_auth, which makes me think there may be a concurrency issue in shib_auth.
This is strange, I've never seen anything like this, although we did
some load tests (years ago). Concurrency issues are serious, so they are
certainly worth a deeper investigation.
> The exact error condition is one of these two(same error message, can't modify code in place to disambiguate):
>
> shib_auth.module:
>
> 424 else shib_auth_error('Couldn\'t login user: ' . $authmap_username['name ']);
> 425 }
> 426 else shib_auth_error('Couldn\'t login user: ' . $authmap_username['name'] );
>
> Can you think of anything that would cause this?
It would fail if either user_external_load() or
user_external_login_register() fail. Both are Drupal core functions, so
the issue might be hiding there. (I don't know too many modules that use
the user_external_* functions, so this part of DC might not be tested as
much as other parts.)
Do you get the error message during a load test or a normal operation?
Are you using some kind of load distribution? Caching? Please provide as
much information as you can (including the Drupal version) to reproduce
the issue.
Thanks,
Kristof
More information about the shib_auth
mailing list