Bug 1376654

Summary: GSSPROXY / External user can't consume API
Product: Red Hat Satellite Reporter: Waldirio M Pinheiro <wpinheir>
Component: Users & RolesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.0CC: dhawke, egolov, inecas, jcallaha, mmithaiw, Nishit.J.Patel, oshtaier
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-05 07:23:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Waldirio M Pinheiro 2016-09-16 05:22:35 UTC 
Description of problem:
After do the "Active Directory Directly" configuration, according documentation [1], is not possible consume API using the this credential, although it's possible authenticate via webUI. I did test with user role and administrative role, still without permission to consume API.


[1]. https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/server-administration-guide/94-using-active-directory-directly

Version-Release number of selected component (if applicable):


How reproducible:
100%


Steps to Reproduce:
1. Configure authentication according [1]
2. Login with user account (<user login>@<domain>)
3. Via cli, run the command below
- curl -X GET -k -u <user login>@<domain> -H "Accept:application/json" https://<satellite server fqdn>/katello/api/organizations
4. Define administrative role to user
5. Redo the test via cli
- curl -X GET -k -u <user login>@<domain> -H "Accept:application/json" https://<satellite server fqdn>/katello/api/organizations

Actual results:
Enter host password for user '<user login>@<domain>':
{
  "error": {"message":"Unable to authenticate user <user login>@<domain>"}
}

Expected results:
Organization list

Additional info:
Comment 3 Evgeni Golov 2017-04-05 15:10:05 UTC 
I wonder if this is a dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1266407? aka http://projects.theforeman.org/issues/11317
Comment 5 Ivan Necas 2018-04-05 07:23:06 UTC 
I agree with Evgeni about the dupe with 1266407

*** This bug has been marked as a duplicate of bug 1266407 ***