Bug 1422551
| Summary: | External authentication works when logging into the Admin UI but doesn't work for the same user to get into the Service UI | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | cwyatt | ||||
| Component: | UI - Service | Assignee: | Josh Langholtz <jlanghol> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Matt Pusateri <mpusater> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 5.7.0 | CC: | ckacergu, cpelland, dclarizi, jhardy, obarenbo, simaishi | ||||
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | ||||
| Target Release: | 5.8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | auth:externalauth:ad:freeipa:ssui | ||||||
| Fixed In Version: | 5.8.0.2 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1429650 (view as bug list) | Environment: | |||||
| Last Closed: | 2017-06-12 17:08:07 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | CFME Core | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1429650 | ||||||
| Attachments: |
|
||||||
These instructions were followed to configure the external authentication to AD https://access.redhat.com/articles/2037663 New commit detected on ManageIQ/manageiq-ui-service/master: https://github.com/ManageIQ/manageiq-ui-self_service/commit/88598e53b8e432688b5d853d8b1e1fd902b97a59 commit 88598e53b8e432688b5d853d8b1e1fd902b97a59 Author: Josh Langholtz <jjlangholtz> AuthorDate: Wed Feb 22 09:57:00 2017 -0500 Commit: Josh Langholtz <jjlangholtz> CommitDate: Wed Feb 22 09:57:00 2017 -0500 Set X-Miq-Group header for every request Break down `Session.create` into two distinct setters because the auth token and miq group values come from two separate HTTP requests. The group value is returned as part of the user object when the authorizations request is made. https://www.pivotaltracker.com/story/show/140246987 https://bugzilla.redhat.com/show_bug.cgi?id=1422551 client/app/core/authentication-api.factory.js | 2 +- client/app/core/authorization.config.js | 6 ++---- client/app/core/session.service.js | 17 ++++++++++++----- client/app/core/session.service.spec.js | 6 +++--- 4 files changed, 18 insertions(+), 13 deletions(-) Validated in External Auth FreeIPA,AD,OpenLDAP 5.8.0.14-rc3 |
Created attachment 1250622 [details] Unable to login to Service UI Description of problem: User's are unable to login to the Service UI when external authentication is specified as the login mechanism for CloudForms 4.2. The same user is able to login to the Admin UI without issues, but when they tried to login to the Service UI, they are presented with the message "Error! User does not have privileges to login." Version-Release number of selected component (if applicable): 5.7.0.17.20161219135818_725f92f How reproducible: 100% Steps to Reproduce: 1. Configure external authentication to Active Directory using the instructions listed here 2. Create a CloudForms group for the Active Directory group that the user is a member of 3. Login to the Admin UI to verify that the test user can login successfully 4. Attempt to login to the Service UI Actual results: Unable to login to Service UI with Active Directory user - "Error! User does not have privileges to login." Expected results: User is able to login to both the Admin UI and the Service UI Additional info: