http://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692012-05-23T11:03:12ZTYPO3 ForgeTYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1176692012-05-23T11:03:12ZStephan Großberndt
<ul></ul><p>I have users complaining too that often (but not always) the first login fails (using saltedpasswords/rsaauth). After reloading the login form it works. This is not a new issue - at least for 4.5.15 and 4.6.8 it was reported too.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1176722012-05-23T11:10:51ZKay Strobach
<ul></ul><p>i know that this issue is known, but i can't find the related issue. as this is bothering me, i also suggested a solution... (load and refresh the key via ajax)</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1202872012-06-18T08:42:11ZKay Strobach
<ul></ul><p>Others have the problem as well:</p>
<p><a class="external" href="http://www.typo3-media.com/blog/website-caching-login.html">http://www.typo3-media.com/blog/website-caching-login.html</a></p>
<p>Do you see any chance to get that issue voted up?</p>
<p>Regards<br />Kay</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1207732012-06-21T20:20:55ZHelmut Hummeltypo3@helhum.io
<ul></ul><p>I think the key should be loaded by ajax right before the form is submitted. By doing so it is not necessary any more to load the key at a regular basis.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1208472012-06-22T11:10:31ZMario Rimannmario@rimann.org
<ul></ul><p>I just verified the issue on a 4.7.1 installation with rsaauth + saltedpasswords (loginSecurityLevel = rsa).</p>
<p>The following steps are reproducable (Tested with Chrome to verify the noted steps below, but it also happens in Firefox, never logged in to <strong>that</strong> BE with Chrome before):<br />- Open a tab, navigate to foobar.tld/typo3<br />- Enter Username/Password and submit<br />Login fails + Form is shown again<br />- Enter Username/Password again and submit<br />Login success!<br />- Logout from Backend</p>
<p>Above steps can be reproduced after logout (2 rounds needed to be logged in)</p>
<p>I then also tried whether saving the credentials in the browser changes the behaviour - it doesn't. Also when Chrome prefills the form, I have to submit it two times to get logged in to the backend.</p>
<p>I had the impression that I had a similar (if not identical) behaviour also in 4.5.x - but never found a way to reproduce it consistently (and it happened every few days, in different installations - randomly). Now in 4.7.x it's reproducable consistently.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1208522012-06-22T11:34:17ZStephan Großberndt
<ul><li><strong>Target version</strong> set to <i>4.7.2</i></li></ul><p>Could someone with according rights please change the priority of this bug to "must have"?</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1224872012-07-04T18:38:38ZOliver Haderoliver.hader@typo3.org
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Accepted</i></li><li><strong>Priority</strong> changed from <i>Should have</i> to <i>Must have</i></li></ul> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1224882012-07-04T18:38:48ZOliver Haderoliver.hader@typo3.org
<ul><li><strong>Target version</strong> changed from <i>4.7.2</i> to <i>4.7.3</i></li></ul> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1225142012-07-05T09:09:01ZHelmut Hummeltypo3@helhum.io
<ul></ul><p>Mario Rimann wrote:</p>
<blockquote>
<p>Above steps can be reproduced after logout (2 rounds needed to be logged in)</p>
<p>I had the impression that I had a similar (if not identical) behaviour also in 4.5.x - but never found a way to reproduce it consistently (and it happened every few days, in different installations - randomly). Now in 4.7.x it's reproducable consistently.</p>
</blockquote>
<p>I cannot reproduce it on a clean 4.7.1 install. Do you have phpmyadmin installed on that installation? This extension messes with the PHP session, resulting in the described behaviour. If not phpmyadmin, any other extension that does some weird session handling?</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1225192012-07-05T09:31:20ZKay Strobach
<ul></ul><p>no phpmyadmin <a class="user active user-mention" href="http://forge.typo3.org/users/41028">@all review</a>, but some caching options enabled in apache.</p>
<p>login works smooth for me with rsaauth disabled, but is always blocked once with rsaauth. This also happens, if the loginpage is loaded in a background tab and used after some hours ;) - (timeout)</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1225362012-07-05T10:14:40ZStephan Großberndt
<ul></ul><p>Yes, on those websites phpmyadmin is installed and indeed this was the cause for the problems! After uninstalling phpmyadmin the login works again on first try. So this should be filed as a phpmyadmin-bug?</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1225582012-07-05T11:20:02ZMario Rimannmario@rimann.org
<ul></ul><p>Helmut Hummel wrote:</p>
<blockquote>
<p>I cannot reproduce it on a clean 4.7.1 install. Do you have phpmyadmin installed on that installation?</p>
</blockquote>
<p>I can confirm that on the same installation where I tested this problem a few days ago (see above), removing phpmyadmin + clearing caches solved the problem. I'm now able to login directly to the BE without problems.</p>
<p>Thanks for the hint with phpmyadmin - now I have the last reason to remove this extension once for all, ...</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1259822012-07-28T20:09:32ZAlban Cousiniejunk@mind2machine.com
<ul></ul><p>Hello,</p>
<p>I had the same problem of failing first identification on 4.7.2 installation. After reading this issue report, I have uninstalled the phmyadmin extension and I confirm it fixed the issue.</p>
<p>So it is likely the secured authentification code of this extension is interfering with the Typo3 authentification process. I figure phpmyadmin extension's security has been worked a lot for Typo3 because Phpmyadmin has proven in the past to be a wonderfull backdoor with its security breaches. But the authentification communication between Typo3 and phpmyadmin has been buggy for quite a year now : often when you would click on the phpmyadmin module title in the left column, you would have an authentification error in the right panel. In this case you have to reload the whole backend in your browser to be authentified and have phpmyadmin to show up. So it is likely phpmyadmin's authentification code does require some tweaking.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1262902012-07-31T11:40:20ZMichael Bakonyim.bakonyi@civit.de
<ul></ul><p>I've the same problem but without having phpmyadmin installed. I figured out that in my case felogin is causing the problem. So after uninstalling felogin, restarting Firefox, clearing its cache I can login with the first try.</p>
<p>I can confirm this issue with two installations one with 4.7.1 and the other with 4.7.2 installed. So now I don't know if this is still a rsaauth-related problem or if we should change the category of this issue to "felogin". Or shall I open a new bug-report for felogin?</p>
<p>Michael</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1262922012-07-31T11:41:39ZKay Strobach
<ul></ul><p>it's rsaauth related - rsaauth should fetch the key via ajax directly before login ... thanks for sharing your thoughts and problems ;)</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1279922012-08-14T18:31:10ZTobias Schaefertobias.schaefer@ptb.de
<ul></ul><p>On a 4.7.3 installation I'm having the same problem with the first FE-login (not with BE-login), but removing phpmyadmin didn't helped. Not even with the new version 4.14.0 published at 2012-08-13 which fixed the BE-login problem (<a class="external" href="http://bugs.typo3.org/view.php?id=18560">http://bugs.typo3.org/view.php?id=18560</a>). But I found that this bug only occurs if I'm trying to login right after logout. If I go to the login-page using the menu the login works at the first try.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1300882012-08-29T11:29:34ZMichael Bakonyim.bakonyi@civit.de
<ul></ul><p>Any news on this issue? I don't think it's "enterprise" to let hundreds of users try to login two times so let's do something here. :)</p>
<p>If this is not fixed yet I'd like to do some sponsoring on fixing that issue. If my sponsorship won't be enough for the effort of fixing that bug I'd be happy if others would sponsor some money, too.</p>
<p>Btw. I miss the "sponsor-feature" in Redmine we had in the old bug-tracker. :)</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1312922012-09-05T17:51:00ZSebastian Steinmetzme@sebastiansteinmetz.de
<ul></ul><p>Hi, I am also experiencing this problem in at least one installation of a client. And it is also reproducible in my local testing environment.</p>
<p>The problem occurs if you logout and want to login right away. Then it seems as if the RSAAuth information in the session gets messed up:</p>
<p>Step 1: user logs in, everything is fine. The private-key used for the login was generated and has the ID 1)</p>
<p>Step 2: user is logged in, user hits "logout"</p>
<ul>
<li>the RSAAuth extension creates a new key-pair and stores one part of the private in the session and the other part into the database. The session also contains the key-pair-id (let's say the id is 2)</li>
</ul>
<p>Step 3: user wants to login again.</p>
<ul>
<li>problem: the session that gets loaded still contains the private-key-id 1 as if the new key would not have been created. But the public key that was used for encrypting the users credentials belongs to id number 2.</li>
</ul>
<p>So somewhere between step 2 and 3 the session does not get stored correctly. This is absolutely weird. Maybe someone with deeper knowledge in the PHP session handling and the RSAAuth-extension should have a look into this. I'll continue digging, over the next days as time permits.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1347362012-10-02T15:31:10ZUrs Braeminfo@ursbraem.ch
<ul></ul><p>Just another case for the record (using 4.5.19 LTS on Chrome 22)</p>
<p>- Log in (after 2nd try)<br />- Go to direct_mail<br />- It logs me out<br />- Log in again<br />- Go to direct_mail<br />- Now I can work</p>
<p>These extensions are installed:</p>
<p>$TYPO3_CONF_VARS['EXT']['extList'] = 'css_styled_content,info,perm,func,filelist,about,tsconfig_help,context_help,extra_page_cm_options,impexp,sys_note,tstemplate,tstemplate_ceditor,tstemplate_info,tstemplate_objbrowser,tstemplate_analyzer,func_wizards,wizard_crpages,wizard_sortpages,lowlevel,install,belog,beuser,aboutmodules,setup,taskcenter,info_pagetsconfig,viewpage,rtehtmlarea,t3skin,t3editor,reports,felogin,linkvalidator,recycler,t3filelist,realurl,ke_search,realurl_clearcache,image_autoresize,tsconf,sourceopt,tscobj,naw_securedl,saltedpasswords,scheduler,additional_scheduler,kickstarter,formhandler,braem_oda_filelist,braem_oda_wb,css2inline,braem_oda_jobs,tt_address,direct_mail,df_direct_mail_subscription,nc_staticfilecache,it_dmailer_htmlfix,rsaauth,scriptmerger';</p>
<p>Like Michael Bakonyi I would also be glad to pledge a little sponsoring for this issue. but how? Would be cool if there was a kickstarter (not the TYPO3-Kickstarter :-) like functionality...</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1357102012-10-09T17:35:58ZFrancois Suterfrancois@typo3.org
<ul></ul><p>I also observe this bug, with the same remarks as Sebastian: there is a shift of key number, which makes rsaauth unable to decrypt the password. After reloading the page one or more times, the login finally works.</p>
<p>I haven't been able to find the issue. It's really weird. Actually of all the sites I work on, it's the first time I get it. So it's quite obvious that it depends on server settings, maybe PHP, maybe also due to a proxy (that client uses a proxy and we get or not the mistake depending on whether the server is behind the proxy or not). I'm not expert enough in session storage (and possible influence by server/PHP settings or proxies) to know where to start digging.</p>
<p>Knowing what the problem is would of course help making rsaauth more solid.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1397392012-11-08T11:12:30ZStephan Großberndt
<ul></ul><p>Using a current version of phpmyadmin (v.4.14.0) the login error on first try is fixed.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1459612012-12-21T11:07:42ZViktor Livakivskyiinvisible.kinder@gmail.com
<ul></ul><p>Hi all.</p>
<p>I've also recently faced same problem and it was site-specific in my case.<br />You may look at reason here: Bug <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Login not possible from Firefox when using salted passwords and RSA (Closed)" href="http://forge.typo3.org/issues/38660">#38660</a></p>
<p>Maybe, that may help someone :)</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1648912013-05-12T11:52:57ZMoritz Völlinginfo@wellness-heaven.net
<ul></ul><p>Stephan Großberndt wrote:</p>
<blockquote>
<p>Yes, on those websites phpmyadmin is installed and indeed this was the cause for the problems! After uninstalling phpmyadmin the login works again on first try. So this should be filed as a phpmyadmin-bug?</p>
</blockquote>
<p>On my site, it used to be also a conflict with phpmyadmin (v. 3.5.2). Renaming the phpmyadmin directory to a non-standard name solved the problem! It seems phpmyadmin uses the same RSAAuth token.<br />My working example can be found here: <a class="external" href="http://www.wellness-heaven.net">http://www.wellness-heaven.net</a></p>
<p>However, reading the posts above, the bug seems to appear also on sites which do not use phpmyadmin at all. Try searching for other instances of RSAAuth ...</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1649662013-05-13T08:24:21ZKay Strobach
<ul></ul><p>i also had that problem in installations with no phpmyadmin installed.</p>
This issue has two parts:
<ul>
<li>somtimes the login fails due to caching problems.</li>
<li>sometimes the caching fails if the user has opened the login page for hours and the rsa key expired</li>
</ul>
<p>Both problems can be solved, by fetching a new rsa key if there is a onblur on the username or before submitting the form.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=1986072014-01-10T09:03:33ZDavid Bruchmanndavid.bruchmann@gmail.com
<ul></ul><p>On the current site rsaauth is not working at all.<br />I installed felogin, put it as Content-Element on one page and have additionally a modal-box on each page that is shown by click on a login-button.<br />Maybe the double usage is the reason, but usually the user never sees the login-page but only the modal-box.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2106692014-03-26T23:45:21ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>Accepted</i> to <i>Under Review</i></li></ul><p>Patch set 1 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/28893">https://review.typo3.org/28893</a></p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2113812014-04-01T21:47:24ZGerrit Code Review
<ul></ul><p>Patch set 2 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/28893">https://review.typo3.org/28893</a></p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2115012014-04-02T14:05:51ZGerrit Code Review
<ul></ul><p>Patch set 3 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/28893">https://review.typo3.org/28893</a></p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2117322014-04-03T18:36:10ZGerrit Code Review
<ul></ul><p>Patch set 4 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/28893">https://review.typo3.org/28893</a></p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2117882014-04-03T22:30:39ZHelmut Hummeltypo3@helhum.io
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[BUGFIX] Fetch RSA public key by Ajax before login Currently public and private RSA keys are gen..." href="http://forge.typo3.org/projects/typo3cms-core/repository/1749/revisions/b5798938ebeb5e2c6f11a12b3ab6ad10dc8ec905">b5798938ebeb5e2c6f11a12b3ab6ad10dc8ec905</a>.</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=2309892014-09-24T13:31:49ZPatrick Lenk
<ul></ul><p>Are these changes in version 4.5? Or it is planned to apply the changes there?</p>
<p>thanks</p> TYPO3 Core - Bug #37421: RSA Auth prevents User from loginhttp://forge.typo3.org/issues/37421?journal_id=3487142017-10-23T22:20:36ZRiccardo De Contardierredeco@gmail.com
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>