Bug 1389122

Summary: disable local login does not work when cfme external auth is configured for IPA
Product: Red Hat CloudForms Management Engine Reporter: amogh <amavinag>
Component: ApplianceAssignee: abellott
Status: CLOSED CURRENTRELEASE QA Contact: Matt Pusateri <mpusater>
Severity: high Docs Contact:
Priority: high    
Version: 5.7.0CC: abellott, cpelland, dajohnso, jhardy, obarenbo, simaishi
Target Milestone: GAKeywords: TestOnly, ZStream
Target Release: 5.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: auth:externalauth:freeipa:saml:ui
Fixed In Version: 5.8.0.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1428903 (view as bug list) Environment:
Last Closed: 2017-06-12 16:38:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1428903    

Description amogh 2016-10-26 22:07:33 UTC 
Description of problem:
disable local login does not work when cfme external auth is configured for IPA.

however, this option works fine when ext auth is configured with SAML. 

Version-Release number of selected component (if applicable):
5.7.0.7-beta1.20161025153249_9376fbd

How reproducible:
always.

Steps to Reproduce:
1. configure the cfme appliance for external auth IPA through appliance_console.
2. in the webui, check "Disable Local Login" option in configuration->Authentication page
3. Logout and login as "admin" user. Observe the admin user can login without any error.

In case of SAML the admin user login is not allowed when "Disable Local Login" is enabled. If this option is expected to work only with SAMl then needs to be display this only when "Enable SAML" is checked. Otherwise this option would confuse user.

Actual results:
disable local login does not work when cfme external auth is configured for IPA.

Expected results:
Login with local "admin" user is not expected to work. this option needs to be displayed only when saml configuration is enabled.
Comment 2 abellott 2016-12-05 16:01:12 UTC 
Correct, this option is only for SAML based authentication. Should be enabled only when SAML auth is checked.
Comment 3 CFME Bot 2017-01-20 21:38:01 UTC 
https://github.com/ManageIQ/manageiq-ui-classic/pull/210
Comment 4 CFME Bot 2017-01-24 10:53:07 UTC 
New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/83278ea004c97b4cb2d0ba3012e798171e6586de

commit 83278ea004c97b4cb2d0ba3012e798171e6586de
Author:     Alberto Bellotti <abellott>
AuthorDate: Fri Jan 20 15:52:03 2017 -0500
Commit:     Alberto Bellotti <abellott>
CommitDate: Fri Jan 20 16:21:53 2017 -0500

    Only show Disable local login checkbox with SAML is enabled.
    
    The disable local login option is only in effect when External
    authentication mode and SAML and enabled.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1389122

 app/controllers/ops_controller/settings/common.rb    |  7 +++++++
 app/views/ops/_settings_authentication_tab.html.haml | 14 ++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)
Comment 8 Matt Pusateri 2017-03-08 22:40:37 UTC 
So did we make a change here that allows disabling of local logins for other auth types or is it still SAML only?
Comment 9 abellott 2017-03-09 02:21:14 UTC 
This is SAML only. We haven't had an Enhancement request from PM asking for this. Thanks.
Comment 10 Matt Pusateri 2017-04-28 15:36:14 UTC 
Verified in 5.8.0.12-rc1 that disable local login only appears now when SAML is checked.
Comment 11 Matt Pusateri 2017-04-28 16:16:40 UTC 
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1446704