Please some help loging-in!

kike.ramirez · October 23, 2020, 6:21pm

Hi, I already installed OpenEdX on Azure and is alive but I haven’t been able to login because none of the default users/pass works.

The error message is always:

We couldn’t sign you in.

An unexpected error has occurred.

This is my instance: aprende.techo.org

Can somebody give me a hand please?

I’m very new in all this so I’ll have a lot of questions along the way. If there is anybody willing to guide, I’ll be very very thankful.

jramnai · October 26, 2020, 5:31am

Hello @kike.ramirez,

Try to check your logs when you login to your platform. From the logs, you will get more idea about what is going wrong underneath.

And if you can’t understand the logs then share the error trace over here so that familiar people will be able to help you.

You can find logs over here: /edx/var/log/lms/edx.log

kike.ramirez · October 29, 2020, 8:20pm

Hi @jramnai , thanks for the suggestion. Was useful.

When I try to login from my subdomain I get this:

Oct 29 19:59:51 aprende [service_variant=lms][django.security.csrf][env:sandbox] WARNING [aprende  3798] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/
Oct 29 20:00:01 aprende [service_variant=lms][django.security.csrf][env:sandbox] WARNING [aprende  3798] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/
Oct 29 20:00:04 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  3801] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"

But when I try to login via localhost within the server wit the remote desktop I get this:

Oct 29 20:03:05 aprende [service_variant=lms][student.helpers][env:sandbox] WARNING [aprende  3794] [user None] [helpers.py:320] - Unsafe redirect parameter detected after login page: 'http://localhost:18010/'
Oct 29 20:03:28 aprende [service_variant=lms][audit][env:sandbox] INFO [aprende  3794] [user 13] [models.py:2450] - Login success - user.id: 13
Oct 29 20:04:06 aprende [service_variant=lms][audit][env:sandbox] INFO [aprende  3801] [user 17] [models.py:2450] - Login success - user.id: 17
Oct 29 20:04:41 aprende [service_variant=lms][student.helpers][env:sandbox] WARNING [aprende  3801] [user 13] [helpers.py:320] - Unsafe redirect parameter detected after login page: 'http://localhost:18010/'
Oct 29 20:04:45 aprende [service_variant=lms][openedx.core.djangoapps.content.block_structure.store][env:sandbox] INFO [aprende  3795] [user 13] [store.py:179] - BlockStructure: Not found in cache; block-v1:edX+DemoX+Demo_Course+type@course+block@course.
Oct 29 20:04:46 aprende [service_variant=lms][openedx.core.djangoapps.content.block_structure.store][env:sandbox] INFO [aprende  3795] [user 13] [store.py:166] - BlockStructure: Added to cache; block-v1:edX+DemoX+Demo_Course+type@course+block@course, size: 14128
Oct 29 20:05:00 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  3794] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"
Oct 29 20:06:01 aprende [service_variant=lms][audit][env:sandbox] INFO [aprende  3798] [user 13] [models.py:2460] - Logout - user.id: 13
Oct 29 20:06:36 aprende [service_variant=lms][audit][env:sandbox] INFO [aprende  3797] [user 17] [models.py:2450] - Login success - user.id: 17
Oct 29 20:06:59 aprende [service_variant=lms][student.helpers][env:sandbox] WARNING [aprende  3802] [user 17] [helpers.py:320] - Unsafe redirect parameter detected after login page: 'http://localhost:18010/'

Here is the full log

There is anything I can we do to be able to login from my subdomain?

Agrendalath · October 30, 2020, 9:52am

Hi @kike.ramirez,
it looks like this issue might be related to the changes to SameSite cookie behavior:

Do you have CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE set to true in /edx/etc/lms.yml? If not, you can do the following:

Set them to true in both /edx/etc/lms.yml and /edx/etc/studio.yml.
Restart your LMS with /edx/bin/supervisorctl restart lms cms.
If the login works fine now, the set these variables in your deployment configurations to retain them between deployments:
```
EDXAPP_CSRF_COOKIE_SECURE: true
EDXAPP_SESSION_COOKIE_SECURE: true
```

kike.ramirez · October 30, 2020, 8:05pm

HI @Agrendalath

Thanks for the suggestion.

I did set both values to true in both files and then restarted lms and cms, but didn’t work. This is the log result after that:

Oct 30 18:55:19 aprende [service_variant=lms][django.security.csrf][env:sandbox] WARNING [aprende  5726] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/
Oct 30 18:55:23 aprende [service_variant=lms][django.security.csrf][env:sandbox] WARNING [aprende  5733] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/
Oct 30 19:00:01 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  5734] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"
Oct 30 19:05:02 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  5736] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"
Oct 30 19:08:51 aprende [service_variant=lms][student.helpers][env:sandbox] WARNING [aprende  5733] [user None] [helpers.py:320] - Unsafe redirect parameter detected after login page: 'http://localhost:18010/'
Oct 30 19:10:02 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  5734] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"
Oct 30 19:15:04 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  5731] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"
Oct 30 19:20:03 aprende [service_variant=lms][openedx.core.lib.log_utils][env:sandbox] INFO [aprende  5731] [user None] [log_utils.py:37] - ApiKeyHeaderPermission used: ip="127.0.0.1", path="/notifier_api/v1/users/"

Here is the complete log file

Agrendalath · October 31, 2020, 10:54am

Hi @kike.ramirez,
I just noticed that you are not using SSL for your page, so my previous suggestion is not going to work. Could either revert it or add SSL to your page?

Before you applied these changes I disabled LAX in my browser and didn’t get this error on your page while trying to log in. Please try testing this (but only after applying one the changes I mentioned above in this comment) with Firefox after setting the following options set about:config:

network.cookie.sameSite.laxByDefault: false
network.cookie.sameSite.noneRequiresSecure: false

Alternatively you could also set:

network.cookie.sameSite.laxByDefault.disabledHosts: aprende.techo.org

kike.ramirez · October 31, 2020, 8:25pm

Finally got it to work.

What I did?

1. Re installed everything again. I noted that I made a mistake with the config.yml and my-passwords.yml files. On my first installation I saved them in home ~ instead of root / and installed OpenEdX on root / . So for the second installation I saved them in root / and installed also in root.

After that I noticed that I was able to sing-in from firefox with the changes suggested by @Agrendalath.

2. I found this suggesting to change

DCS_SESSION_COOKIE_SAMESITE = 'None'

to

DCS_SESSION_COOKIE_SAMESITE = 'lax'

in common.py ( /edx/app/edxapp/edx-platform/lms/envs ). So I did and worked.

That thread also suggested to add a line in /edx/etc/lms.yml with:

DCS_SESSION_COOKIE_SAMESITE: lax

But I’m not sure if that’s helpful or needed so I didn’t. Do you think that I must add that line in lms.yml?

Thanks in advance,

kike.ramirez · November 2, 2020, 2:05pm

So, for the record, I tried to add a line in /edx/etx/lms.yml with:

DCS_SESSION_COOKIE_SAMESITE: lax

and then restarted lms, cms and edxapp_worker:

/edx/bin/supervisorctl restart lms cms edxapp_worker:

And that was the easiest fix (I didn’t modified /edx/app/edxapp/edx-platform/lms/envs/common.py this time)

Franciosi · November 3, 2020, 1:45am

Same error, an worked for me as you said, only editing /edx/etx/lms.yml.

Thank you

Agrendalath · November 5, 2020, 3:31pm

For a one-time change it’s fine to apply it there. But this configuration will be lost once you reinstall your instance. If you want to preserve it, you can set EDXAPP_DCS_SESSION_COOKIE_SAMESITE: Lax in your configuration variables.

kike.ramirez · November 25, 2020, 6:18pm

Thanks!

So, in conclusion summarizing all your comments I guess the solution will be adding the next lines to the config.yml file when installing:

EDXAPP_CSRF_COOKIE_SECURE: true
EDXAPP_SESSION_COOKIE_SECURE: true
EDXAPP_DCS_SESSION_COOKIE_SAMESITE: lax

jhd235 · December 26, 2020, 1:05pm

Hi @kike.ramirez! Thank you for sharing the solution! I did the same changes, however, still “An error has occurred. Try refreshing the page, or check your Internet connection.”
regards, Yermek

Topic		Replies	Views
Failed to setup SSO that connecting to Google account Site Operations Help	2	1054	January 29, 2023
I can't access to edx studio Site Operations Help	2	706	June 1, 2021
Django auth for open edx third party authentication Site Operations Help	1	175	July 8, 2023
Problem registering a new user from the CMS Development studio , maple , nutmeg	0	828	August 15, 2022
Sign in does not work: https://openedx.microsoft.com/ Site Operations Help	1	586	September 4, 2019

Please some help loging-in!

We couldn’t sign you in.

Related Topics