Bug 1409653

Summary: need to ensure logging in after a failed SAML login doesn't try to reload the error page
Product: [Community] Bugzilla Reporter: Mikolaj Izdebski <mizdebsk>
Component: Bugzilla GeneralAssignee: Jeff Fearn 🐞 <jfearn>
Status: CLOSED NEXTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.0CC: agk, dustymabe, huiwang, mizdebsk, qgong
Target Milestone: 5.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.0.3.rh29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-15 03:11:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mikolaj Izdebski 2017-01-02 19:07:58 UTC 
In beta.bugzilla.redhat.com, when I browse to "Login" -> "Red Hat Associate", I am getting a "Verification Failed" page with the following error detail:

The IDP's reply failed validation: no element found at line 1, column 0, byte -1: 14^ 0160464081408 at /usr/lib64/perl5/vendor_perl/XML/Parser.pm line 187. . 

Notes:
I have a valid Kerberos ticket.
My web browser is configured for Kerberos and GSSAPI auth.
Bugzilla version: 5.0.3.rh18
Bugzilla web interface claims that "The Red Hat Associate (RHA) IDP is now working!"
Comment 1 Jeff Fearn 🐞 2017-01-08 23:43:44 UTC 
This is working for me, are you still having a problem?
Comment 2 Mikolaj Izdebski 2017-01-09 12:31:00 UTC 
Yes, it is still reproducible for me.

Reproducer:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, it fails, as expected
4. try to login as Red Hat associate

4th step fails, but I would expect it to succeed.
Comment 3 Alasdair Kergon 2017-04-20 00:03:19 UTC 
*** Bug 1443769 has been marked as a duplicate of this bug. ***
Comment 6 Alasdair Kergon 2017-04-20 00:21:22 UTC 
(In reply to Mikolaj Izdebski from comment #2)

> 4. try to login as Red Hat associate
> 
> 4th step fails, but I would expect it to succeed.

For me, it *does* login successfully - as I can see if I move to another page - but it is still showing the error page, with 'Login' on the top right.
Comment 7 Rony Gong 🔥 2017-05-09 08:03:29 UTC 
Tested on QA environment(5.0.3-rh28)(bzweb-01.dev.eng.bne.redhat.com)
Result: Fail
Steps:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, page show error:

Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. . 

4. try to login as Red Hat associate again by click 'Login', then 'Red Hat Associate', page still show error:

 Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. .
Comment 8 Rony Gong 🔥 2017-05-12 06:51:54 UTC 
Tested on dev environment(5.0.3-rh28)(bzweb-01.dev.eng.bne.redhat.com)
Result: Pass
Steps:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, page show error:

Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. . 

4. try to login as Red Hat associate again by click 'Login', then 'Red Hat Associate', Could login automatically