Bug 1750440

Summary: "Invalid System Authentication Token specified" when provisioning a VM from gloal on remote logged-in with ldap configured only on global
Product: Red Hat CloudForms Management Engine Reporter: Jaroslav Henner <jhenner>
Component: DocumentationAssignee: Red Hat CloudForms Documentation <cloudforms-docs>
Status: CLOSED WONTFIX QA Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Severity: medium Docs Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Priority: medium    
Version: 5.11.0CC: dmetzger, jhardy, jvlcek, kdixon, mshriver, obarenbo
Target Milestone: GAKeywords: Reopened
Target Release: 5.11.z   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-14 18:48:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Documentation Target Upstream Version:
Embargoed:
Attachments:
Description Flags
logs.global
none
logs.remote none

Description Jaroslav Henner 2019-09-09 15:27:44 UTC
Description of problem:
When user logs-in using ldap that is configured only on Global region appliance and tries to create vm on provider that has been added in the appliance on Remote region, the error flash message 
"Invalid System Authentication Token specified" 
appears and the VM is not created

When I try the same using the everyday-normal admin user, the VM is created.

Version-Release number of selected component (if applicable):
Neither of these deployments worked:
Version 5.11.0.23.20190904213640_d113674
Version 5.10.10.0.20190905201238_76e3ac6 

How reproducible:
I tried in 5.10 and migrated the db and tried on 5.11 as well (while I had to re-initiate the replication)


Steps to Reproduce:
0. Take unconfigured VMs (as they need different regions)
1. Configure db, make sure they have same v2_key
2. Configure replication
3. Configure LDAP on the Global VM, create user group with users from LDAP, set users privs to super-admin
4. Log-in as ldap user
5. Try creating a VM

Actual results:
Error creating a VM

Expected results:
VM created

Additional info:

Comment 2 Jaroslav Henner 2019-09-09 15:28:28 UTC
Created attachment 1613226 [details]
logs.global

Comment 3 Jaroslav Henner 2019-09-09 15:28:51 UTC
Created attachment 1613227 [details]
logs.remote

Comment 4 Joe Vlcek 2019-09-10 13:48:09 UTC
This is not a bug. The authentication must be configured in the remote regions. That is how it is designed to work.

I am going to close this as not a bug.

If this does not work after the authentication configuration in the global has been configured in the remote please
reopen.

Thank you, JoeV

Comment 5 Jaroslav Henner 2019-09-10 14:07:58 UTC
I see no occurence about Centralized admin in  https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html-single/managing_authentication_for_cloudforms/index

Nor I see no occurence of LDAP in https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html-single/high_availability_guide/index

I think the fact that LDAP needs to be configured on both instances should be documented somewhere. I think the doc for the authentication would be the palce to put it in.