Bug 1399479
Summary: | [SSO][Regression] SSO failure when LoginOnBehalf is called | ||||||
---|---|---|---|---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Gonza <grafuls> | ||||
Component: | AAA | Assignee: | Ravi Nori <rnori> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Gonza <grafuls> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 4.1.0 | CC: | amarchuk, bugs, mperina | ||||
Target Milestone: | ovirt-4.1.0-alpha | Flags: | rule-engine:
ovirt-4.1+
rule-engine: blocker+ |
||||
Target Release: | 4.1.0.2 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-02-15 15:07:02 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Gonza
2016-11-29 06:57:32 UTC
Verified with: ovirt-engine-4.1.0-0.2.master.20161213122836.git2cd5587.el7.centos.noarch ovirt-engine-extension-aaa-ldap-1.3.1-0.0.master.20170115190508.gitda48d9d.el7.noarch # curl -v -k --negotiate -u : https://example.com/ovirt-engine/api * About to connect() to example.com port 443 (#0) * Trying {IP}... * Connected to example.com ({IP}) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: CN=example.com,O=rhev.lab.eng.brq.redhat.com,C=US * start date: Nov 28 08:51:11 2016 GMT * expire date: Nov 03 08:51:11 2021 GMT * common name: example.com * issuer: CN=example.com.41406,O=rhev.lab.eng.brq.redhat.com,C=US > GET /ovirt-engine/api HTTP/1.1 > User-Agent: curl/7.29.0 > Host: example.com > Accept: */* > < HTTP/1.1 401 Unauthorized < Date: Fri, 03 Feb 2017 15:00:30 GMT < Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.4.0 < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < WWW-Authenticate: Negotiate < Cache-Control: no-cache < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < Content-Length: 163 < Content-Type: text/html; charset=iso-8859-1 < * Ignoring the response-body * Connection #0 to host example.com left intact * Issue another request to this URL: 'https://example.com/ovirt-engine/api' * Found bundle for host example.com: 0x11eef20 * Re-using existing connection! (#0) with host example.com * Connected to example.com ({IP}) port 443 (#0) * Server auth using GSS-Negotiate with user '' > GET /ovirt-engine/api HTTP/1.1 > Authorization: Negotiate ... > User-Agent: curl/7.29.0 > Host: example.com > Accept: */* > < HTTP/1.1 200 OK < Date: Fri, 03 Feb 2017 15:00:31 GMT < Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.4.0 < WWW-Authenticate: Negotiate ... < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < Content-Type: application/xml < Content-Length: 4120 < Correlation-Id: 7ebfaa40-89d8-45e3-a2ab-856b17e7d93b < Link: ... < Vary: Accept-Encoding < Cache-Control: no-cache < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <api> ... </api> * Closing connection 0 |