当我尝试使用 Omniauth + 时,为什么 heroku 超时?谷歌应用程序?
我正在尝试使用 Omniauth 来针对 Google Apps 提供简单、基本的身份验证。本地一切工作正常(即使在生产模式下),但在 Heroku 上我得到以下信息:
app[web.1]: Started GET "/auth/admin" for 24.155.228.161 at Fri Jul 22 15:10:26 -0700 2011
heroku[router]: Error H12 (Request timeout) -> GET example.com/auth/admin dyno=web.1 queue= wait= service=30000ms status=503 bytes=
heroku[router]: Error H12 (Request timeout) -> GET example.com/ dyno=web.1 queue= wait= service=30000ms status=503 bytes=0
app[web.1]: Generated checkid_setup request to https://www.google.com/a/example.com/o8/ud?be=o8 with assocication AOQobUegRUNfEpz1JOO2bZe0zXrjkdIvdsjpVyCh3rtbL_s-GSfhQ_zY
我的设置如下;
# initializers/omniauth.rb
require "openid/fetchers"
OpenID.fetcher.ca_file = "#{Rails.root}/cacert.crt"
require 'openid/store/filesystem'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_apps, OpenID::Store::Filesystem.new('./tmp')
use OmniAuth::Strategies::GoogleApps, OpenID::Store::Filesystem.new('./tmp'), :name => 'admin', :domain => 'bcarc.com' #, :client_options => {:ssl => {:ca_file => './cacert.crt'}}
end
我尝试切换到 memcached,但我无法让 memcached-northscale 或 dalli 工作,并且无论如何我已经验证了随机数是否已保存在 ./tmp 中正确,所以我不认为这是问题所在。
我收到有关 CA 证书的错误,但向获取器指定证书文件解决了该问题,但仍然超时。
有什么建议吗?
更新: 我已追踪到 OmniAuth 的回调处理程序。请求被发送到 Google Apps,但回调在回调控制器有机会执行任何操作之前超时。
I'm trying to use Omniauth to provide simple, basic authentication against Google Apps. Everything works fine locally (even in production mode), but on Heroku I get the following:
app[web.1]: Started GET "/auth/admin" for 24.155.228.161 at Fri Jul 22 15:10:26 -0700 2011
heroku[router]: Error H12 (Request timeout) -> GET example.com/auth/admin dyno=web.1 queue= wait= service=30000ms status=503 bytes=
heroku[router]: Error H12 (Request timeout) -> GET example.com/ dyno=web.1 queue= wait= service=30000ms status=503 bytes=0
app[web.1]: Generated checkid_setup request to https://www.google.com/a/example.com/o8/ud?be=o8 with assocication AOQobUegRUNfEpz1JOO2bZe0zXrjkdIvdsjpVyCh3rtbL_s-GSfhQ_zY
My setup is as follows;
# initializers/omniauth.rb
require "openid/fetchers"
OpenID.fetcher.ca_file = "#{Rails.root}/cacert.crt"
require 'openid/store/filesystem'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_apps, OpenID::Store::Filesystem.new('./tmp')
use OmniAuth::Strategies::GoogleApps, OpenID::Store::Filesystem.new('./tmp'), :name => 'admin', :domain => 'bcarc.com' #, :client_options => {:ssl => {:ca_file => './cacert.crt'}}
end
I've tried switching to memcached, but I can't get either memcached-northscale or dalli to work, and in any case I've verified that nonces are being saved in ./tmp correctly, so I don't think that's the problem.
I was getting an error about CA certs, but specifying the certificates file to the fetcher solved that, and I'm still getting the timeout.
Any suggestions?
UPDATE:
I've tracked this down to the OmniAuth's callback handler. The request gets sent to Google Apps, but the callback times out before the callback controller has a chance to do anything.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
好吧,经过一番费解之后,看来这是 OmniAuth handline Google Apps URI 的问题。我最终使用了普通的 google OpenID 端点,然后手动验证控制器中的域。对于任何感兴趣的人,我的代码现在看起来像这样:
前两行消除了 Heroku 抛出的一些 SSL 警告。我使用
./tmp进行文件存储,效果很好。在我的控制器中,我有一个 if/then 子句,用于检查经过身份验证的电子邮件中的域并重定向到告诉用户选择正确帐户的页面。这不是一个理想的解决方案,但我无法使用任何特定于应用程序的 OpenID 标识符来完成任何工作。
OK, so after much hair-pulling it looks like this is a problem with OmniAuth handline Google Apps URI's. I've ended up using the plain vanilla google OpenID endpoint and then verifying the domain in my controller manually. For anyone that's interested, my code looks like this now:
The first two lines eliminate some SSL warnings Heroku throws. I'm using
./tmpfor file storage and that's working just fine. In my controller I have an if/then clause that checks for my domain in the authenticated email and redirects to a page telling the user to select the correct account.This isn't an idea solution, but I was unable to get anything to work using either app-specific OpenID identifiers.
我有同样的问题,但只有当我尝试对与 heroku 应用程序响应的域相同的域进行身份验证时才会出现这种情况。针对谷歌应用程序上的其他域进行身份验证工作正常。
我相信这个问题是因为存在某种从 google 或omniauth gem 到domain/openid?=some_number 的阻塞pingback。因为 dyno 正忙于处理 /auth/google_apps 的请求,所以它无法回答其他请求,因此超时。如果我找到避免该阻塞请求的方法,我会通知您。
I have the same issue, but it's only when I try to authenticate against the same domain as the domain the heroku app is responding to. Authenticating against other domains on google apps work fine.
I believe the issue is because there is some kind of blocking pingback either from google or the omniauth gem, to domain/openid?=some_number. Because the dyno is busy serving the request for /auth/google_apps then it can't answer the other request and hence it times out. I'll let you know if I figure out a way to avoid that blocking request.
我在开发中也遇到了同样的问题。基于@Kerinin 的辛勤工作,这就是我最终得到的结果,并且到目前为止似乎正在工作......
I was having the same problem in development. Based off @Kerinin's hard work, this what I ended up with, and seems to be working so far...