Bug 1775684
| Summary: | Need the ability to configure the appliance for SAML using the appliance console CLI. | | |
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Satoe Imaishi <simaishi> |
| Component: | Appliance | Assignee: | abellott |
| Status: | CLOSED ERRATA | QA Contact: | John Dupuy <jdupuy> |
| Severity: | medium | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | high | | |
| Version: | unspecified | CC: | abellott, dmetzger, jdupuy, jfrey, obarenbo, simaishi |
| Target Milestone: | GA | Keywords: | ZStream |
| Target Release: | 5.11.1 | Flags: | simaishi: cfme-5.11.z+, simaishi: mirror+ |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | 5.11.1.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1767108 | Environment: | |
| Last Closed: | 2019-12-13 00:35:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1767108 | | |
| Bug Blocks: | | | |
Comment 2
CFME Bot
2019-11-22 15:05:35 UTC
New commit detected on ManageIQ/manageiq-appliance/ivanchuk:

https://github.com/ManageIQ/manageiq-appliance/commit/7dec167935821fbd528f2dd6e6b6e5e357c0d5bb

commit 7dec167935821fbd528f2dd6e6b6e5e357c0d5bb
Author: Jason Frey <jfrey>
AuthorDate: Fri Nov 22 09:44:50 2019 -0500
Commit: Jason Frey <jfrey>
CommitDate: Fri Nov 22 09:44:50 2019 -0500

    Merge pull request #264 from abellotti/updated_dependencies_for_appliance_console

    Updated dependencies to pick up latest manageiq-appliance_console

    (cherry picked from commit 435ef0792ab8fb6afb18155713ab16b043bbcf0c)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1775684

 manageiq-appliance-dependencies.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Awesome stuff!

Verified in CFME 5.11.1.1.20191122174937_707df01

Steps of verification:

1) ssh into appliance
2) Run "appliance_console_cli --saml-config --saml-idp-metadata='http://<qe-rhsso-server>/auth/realms/<testing-realm>/protocol/saml/descriptor'"
3) Download the "miqsp-metadata.xml" file to local machine
4) Import the "miqsp-metadata.xml" file to our RHSSO server
5) Point browser at appliance URL
6) Click "Login to Corporate Account"
7) Login with some user on the SSO
8) Verified that login went through
9) Logout
10) Unconfigured saml with "appliance_console_cli --saml-unconfig"
11) Logged in as the super user to verify that DB authentication still works.

One area for improvement could be the manual steps involved in steps (4) and (5). Is there any Keycloak API library that could (optionally) be used to make the client for the appliance on the Keycloak/RHSSO server during the initial saml-config command? For instance, our SSO server has all the mappers defined in a default client scope and then I use the python-keycloak API library to create the client (code here: https://github.com/ManageIQ/integration_tests/blob/d8d4d51abcd51f25ab66d506eff7f7443bae1bed/cfme/utils/appliance/__init__.py#L2270-L2295).

Definitely would be an RFE, but just a thought.
Thanks, John, for kicking the tires!!

Looks like it should be doable. I see a REST API on the Keycloak server that would help there: https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_clients_resource

Yeah, RFE for that. However, it would be Keycloak-specific; the CLI enhancement here is provider-independent. Something to keep in mind: it would be nice to support others too (at least the common ones; there are so many).

Alberto

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:4201
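
The comments above discuss replacing the manual import of "miqsp-metadata.xml" into RHSSO with a call to the Keycloak clients API. The sketch below is an added example, not code from this bug, the appliance console or the linked integration tests: it validates SP metadata and builds the client payload that such a call would send. The sample metadata, the host appliance.example.com, the endpoint paths and the function names are constructed assumptions, and the attribute keys are the Keycloak SAML client settings as assumed here and should be checked against the server version in use.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample standing in for miqsp-metadata.xml; the real file's
# contents are not shown in this bug, and appliance.example.com is a placeholder.
SAMPLE_SP_METADATA = """<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://appliance.example.com">
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://appliance.example.com/saml2/logout"/>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://appliance.example.com/saml2/postResponse"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _location(sp, tag, binding):
    """Return the Location of the first <tag> element using the given binding."""
    for el in sp.findall(MD + tag):
        if el.get("Binding") == binding:
            return el.get("Location")
    return None


def client_from_sp_metadata(xml_text):
    """Build a Keycloak ClientRepresentation dict from SAML SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not SAML SP metadata")
    acs = _location(sp, "AssertionConsumerService", POST)
    if not acs or not acs.startswith("https://"):
        raise ValueError("need an HTTPS HTTP-POST AssertionConsumerService")
    # Attribute keys are assumed Keycloak SAML client settings (see lead-in).
    signed = sp.get("AuthnRequestsSigned") == "true"
    attrs = {"saml_assertion_consumer_url_post": acs,
             "saml.client.signature": "true" if signed else "false"}
    slo = _location(sp, "SingleLogoutService", REDIRECT)
    if slo:
        attrs["saml_single_logout_service_url_redirect"] = slo
    return {"clientId": root.get("entityID"), "protocol": "saml",
            "enabled": True, "redirectUris": [acs], "attributes": attrs}
```

The returned dict is the body for a POST to the clients resource linked above, or for a client-creation helper such as the one in the python-keycloak library mentioned in the comments. Refusing a non-HTTPS assertion consumer URL keeps signed assertions from being posted to the appliance over plaintext.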