Bug 1505922

Summary: Auth External Auth - FreeIPA - Users get 400 /auth/api error message upon login to classic UI.
Product: Red Hat CloudForms Management Engine Reporter: Matt Pusateri <mpusater>
Component: ApplianceAssignee: Joe Vlcek <jvlcek>
Status: CLOSED CURRENTRELEASE QA Contact: Matt Pusateri <mpusater>
Severity: high Docs Contact:
Priority: high    
Version: 5.9.0CC: abellott, awight, jhardy, mhradil, mpusater, obarenbo, smallamp
Target Milestone: GAKeywords: Regression, TestOnly
Target Release: 5.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: auth:externalauth
Fixed In Version: 5.10.0.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1509416 (view as bug list) Environment:
Last Closed: 2018-06-21 20:28:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1509416    
Attachments:
Description Flags
API Error message screenshot none

Description Matt Pusateri 2017-10-24 14:51:08 UTC 
Description of problem:
Once logged in Users get /auth/api 400 error message when logging into classic ui 


Version-Release number of selected component (if applicable):
5.9.0.2 

How reproducible:


Steps to Reproduce:
1. Setup External Auth (FreeIPA, but maybe other too)
2. Log into classic UI, with valid user.
3.

Actual results:
User gets 400 /auth/api error message (see screenshot)

Expected results:

No error message

Additional info:
Comment 2 Matt Pusateri 2017-10-24 14:52:26 UTC 
Created attachment 1342807 [details]
API Error message screenshot
Comment 3 Matt Pusateri 2017-10-24 14:54:08 UTC 
Firefox version 55.0.3, I originally thought this was related to Firefox beta 57. But it happens in older Firefox as well. Firefox version 55.0.3, I originally thought this was related to Firefox beta 57. But it happens in older Firefox as well.
Comment 4 Matt Pusateri 2017-10-24 17:21:20 UTC 
Also appears to happen on logout and a 401 on session timeout.  Session timeout kind of makes sense, but seems like we should trap that error if possible and display a better error message.
Comment 5 Allen W 2017-10-24 18:39:50 UTC 
Can confirm this occurs in all browsers, (tested chrome, safari)
Comment 6 Joe Vlcek 2017-10-26 21:39:02 UTC 
Matt,

I the user logged in and able to user the appliance?

Is the only issue that the "Server Error (API) pop-up shows up?

Once the pop-up is dismissed do things work OK?

JoeV
Comment 7 Matt Pusateri 2017-10-27 13:27:27 UTC 
As far as I know yes, it's only the pop-up error.  Though on SSUI you can't even log in. But I think that's being worked in another ticket.  I didn't extensively test that everything works...
Comment 9 CFME Bot 2017-11-02 21:31:39 UTC 
https://github.com/ManageIQ/manageiq/pull/16386
Comment 10 CFME Bot 2017-11-02 22:56:39 UTC 
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/20dd38d0606e3708d473744148445d197101fbfb

commit 20dd38d0606e3708d473744148445d197101fbfb
Author:     Joe VLcek <jvlcek>
AuthorDate: Thu Nov 2 17:05:27 2017 -0400
Commit:     Joe VLcek <jvlcek>
CommitDate: Thu Nov 2 17:05:27 2017 -0400

    External auth lookup_by_identity should handle missing request parameter
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1505922

 app/models/authenticator/httpd.rb       | 12 +++++++-----
 spec/models/authenticator/httpd_spec.rb |  4 ++++
 2 files changed, 11 insertions(+), 5 deletions(-)