Bug 1790817

Summary: Self Service Portal login pops up a username/password dialog box on the browser
Product: Red Hat CloudForms Management Engine Reporter: Mihir Lele <mlele>
Component: ApplianceAssignee: Martin Hradil <mhradil>
Status: CLOSED ERRATA QA Contact: Devidas Gaikwad <dgaikwad>
Severity: low Docs Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Priority: low    
Version: 5.10.14CC: abellott, dmetzger, jocarter, mhradil, mshriver, obarenbo, simaishi, smallamp
Target Milestone: GAKeywords: ZStream
Target Release: 5.11.5Flags: pm-rhel: cfme-5.11.z+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 5.11.5.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-05 13:43:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: Bug
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:
Attachments:
Description Flags
screenshot none

Description Mihir Lele 2020-01-14 09:53:14 UTC 
Created attachment 1652148 [details]
screenshot

Description of problem:

Self Service Portal login pops up a username/password dialog box on the browser after httpd external authentication is enabled on the Cfme appliance.

Version-Release number of selected component (if applicable): 5.10


How reproducible: Always


Steps to Reproduce:
1. Enable httpd authentication on the UI appliance
2. Try to login using self-service portal
3. Issue is being faced irrespective of whether its a local user (like: admin) or an external user

Actual results:  The self-service login pops up a username/password dialogue on the browser

Expected results:


Additional info:

This issue is only faced while trying to login to the self service portal.

Attaching screenshot of the view. 

Issue is not specific to a particular browser
Comment 3 dmetzger 2020-01-16 19:39:14 UTC 
Please retest with 5.10.14
Comment 7 Dave Johnson 2020-02-04 06:46:05 UTC 
No requestee for needinfo set, can you take a look and determine where this should go?
Comment 9 Dave Johnson 2020-02-11 06:46:08 UTC 
No requestee for needinfo set, can you take a look and determine where this should go?
Comment 14 Martin Hradil 2020-02-13 20:20:02 UTC 
https://github.com/ManageIQ/manageiq-appliance/pull/272
Comment 15 Dave Johnson 2020-02-18 06:46:18 UTC 
No requestee for needinfo set, can you take a look and determine where this should go?
Comment 16 Dave Johnson 2020-02-25 06:46:26 UTC 
No requestee for needinfo set, can you take a look and determine where this should go?
Comment 18 CFME Bot 2020-02-25 17:30:36 UTC 
New commit detected on ManageIQ/manageiq-appliance/master:

https://github.com/ManageIQ/manageiq-appliance/commit/e47f2ecda2fd99acf9118913a1947820b8f8ca43
commit e47f2ecda2fd99acf9118913a1947820b8f8ca43
Author:     Martin Hradil <mhradil>
AuthorDate: Thu Feb 13 20:13:36 2020 +0000
Commit:     Martin Hradil <mhradil>
CommitDate: Thu Feb 13 20:13:36 2020 +0000

    manageiq-external-auth: do NOT require authentication for /api/product_info

    API has 2 sets of requests which can go in unauthenticated:

        app/controllers/api/base_controller.rb
        25:    before_action :require_api_user_or_token, :except => [:options, :product_info]
        27:    before_action :validate_api_request, :except => [:product_info]
        28:    before_action :validate_api_action, :except => [:options, :product_info]

    That's OPTIONS requests, and a GET for /api/product_info.

    We don't need OPTIONS quite yet (except for CORS preflight, which is not supported for the API currently),

    but the Service UI is relying on unauthenticated /api/product_info to retrieve the URLs for brand assets (like the login screen logo).

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1790817

 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 19 CFME Bot 2020-03-19 20:30:32 UTC 
New commit detected on ManageIQ/manageiq-appliance/ivanchuk:

https://github.com/ManageIQ/manageiq-appliance/commit/fe254e3689727ca2cb5be3ac7d238270376578a8
commit fe254e3689727ca2cb5be3ac7d238270376578a8
Author:     Brandon Dunne <bdunne>
AuthorDate: Tue Feb 25 17:29:42 2020 +0000
Commit:     Brandon Dunne <bdunne>
CommitDate: Tue Feb 25 17:29:42 2020 +0000

    Merge pull request #272 from himdel/bz1790817

    manageiq-external-auth: do NOT require authentication for /api/product_info
    (cherry picked from commit 739ae404f7559d3e63d5bd759fad90f68ab99c05)

    https://bugzilla.redhat.com/show_bug.cgi?id=1790817

 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 20 Devidas Gaikwad 2020-04-15 14:12:56 UTC 
Applied httpd auth and logged in self service portal.
It is working fine without any prompt.
Build Version:5.11.5.0
Comment 23 errata-xmlrpc 2020-05-05 13:43:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2020