I have logged into Sota Watch 3 and the next day when I go there it asks me to log in again. It doesn’t remember me as the reflector does from day to day. What am I doing wrong?
Brad N1VWD
The reflector uses a different login which is why you have 2 different logins, one for the reflector and one for SSO (SOTAwatch, datatbase, maps etc.)
The SSO login is valid for 30 days before you need to log in again. For a long time this was the case. But… there is something odd about Firefox on Windows that causes a perfectly valid SSO login to time out after about 1 day instead of 30. Happens to me and other Firefox users. I haven’t looked for the reason in detail and I’m not sure if it happens on other browsers. I haven’t checked if a Linux login on Firefox is staying valid for more than a day.
Again it could be to do with whether the machine is sleeping or suspended/hibernated. Again I haven’t checked in detail.
So you are not alone. It’s probably something to do with sleeping but once re-logged, it stays fine until the next morning.
2 Likes
Same here. It used to work some month ago ( when SSO was introduced) but since some month I have to relogin.
And indeed it happens on Firefox.
I need to check settings back at home.
https://support.mozilla.org/en-US/questions/1307792
But also on Chrome on the phone.
1 Like
It will be some kind of issue between sleeping computers and the SSO server.
When you login in (off the top of my head so I may have the exact order wrong) SSO gives you an access token and refresh token. When you access a page on SOTAwatch say, your software (browser or app) includes the access_token and refresh token in the data it sends to the server. SOTAwatch can check if the access token is valid and if it is, then your request works (place a spot for example). If it isn’t SOTAwatch uses your refresh token to get a new access token and sends them back to you and does what you asked. If the refresh token doesn’t work then you have to login to SSO again.
The access token lives for something like 10mins after which it is no longer valid and needs refreshing using the refresh token. The refresh token lives for 30 days. After that you need to login again to get a new access and refresh token.
The fact this fails before the 30 days is up suggests something with the refresh token is not working. Is it Firefox, is it Windows after a sleep, is SSO and whatever Firexfox does? Don’t know.
Why all this palaver? Well the tokens are encrypted with information that verifies you are the person who logged in. The access token only being valid for a few minutes limits the length of time since you were last verified as really being you. When you access another SOTA service, your browser includes the tokens you got from when you logged in to SOTAwatch and passes them to the database for example which can uses them to check your are who your claim and then lets you start using the DB without having to log in again. That’s the whole purpose of SSO, it verifies who you are, limits the time since you were last verfied, allows multiple apps/webpages to share the one login, hence SINGLE SIGN ON or SSO.
That’s how it’s meant to work.
1 Like
Confirming I have observed the same behaviour on Firefox/windows 10, also on Safari/IOS.
Without looking at the cookies I assumed they were being set to expire within half a day or so, but from what you say, not so.
I think I’ve been using Firefox for 4 or more months, previously used Chrome. (Vainly hoping to reduce google’s eyes on my browsing.) But it is certainly different from how it had worked for the preceding year.
Fortunately logging back in is pretty quick. I use a password manager and it plonks in the password fairly quickly.
73 Andrew vk1da
1 Like
a cookie named _t is being set to expire in 2 months. but the session cookie _forum_session expires at the end of the session. I guess putting the computer into hibernation marks a session end.
I just looked and the timeout values on the server look sensible.
The SMS spotter has an SSO login just like users have. The 30day max login is working because it last logged in on Aug 2nd 10:51Z and is still logged in now 21days later.
That suggests it’s something else.
1 Like
Hi,
I have no problem with chrome, Win10 Versión 10.0.19041 compilación 19041
73
At least I am not alone. Thank you for all the replies to my question. I to am using Firefox and Windows 10.
Brad N1VWD
This morning (using Edge browser as usual), I cannot log in, using SSO to sotamaps (https://www.sotamaps.org/) - I have tried three times and get the following error (followed by another error popup box that simply says “ouch”).
The world map screen loaded (perhaps from cache) fine to start with and then I saw I was not logged in, so I clicked on login - got the correct SSO login screen, filled it in and then got this error.
Any ideas?
73 Ed.
Update:
Trying SSO login from other SOTA pages, now takes me into this “keycloak” screen:
Is this an SSO problem rather than a SOTAMaps one perhaps?
73 Ed.
The Keycloak page is because you are probably trying to log into the Keycloak servers not SSO.
I get the same error for Sotamaps, I can’t login to the server itself from work to see what the logs are saying. It will have to wait till either Andrew gets a moment of free time or I get "“home”.
I was logged in to Sotamaps so logged out and logged in again and I got the correct login page. I’m not sure what went wrong for you when you tried to login. The overall status page shows everything is up and working. Sotamaps is up and working, just not talking to its local DB which is just a slightly different definition of working 
It was an SMP error - see other thread. If it was an SSO error, nothing would log in (apart from the reflector)
Confirming, working fine for me again now - thanks.