Bug 1827039

Summary: Error retrieving OpenID userinfo [RHV clone - 4.3.10]
Product: Red Hat Enterprise Virtualization Manager Reporter: RHV bug bot <rhv-bugzilla-bot>
Component: ovirt-engineAssignee: Artur Socha <asocha>
Status: CLOSED ERRATA QA Contact: Petr Matyáš <pmatyas>
Severity: high Docs Contact:
Priority: high    
Version: 4.3.9CC: achareka, jon.tobin, michal.skrivanek, mperina, pchavva, pelauter, pratik.narode, rhodain, rmcswain
Target Milestone: ovirt-4.3.10Keywords: EasyFix, Regression, ZStream
Target Release: 4.3.10   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: GSSApproved
Fixed In Version: ovirt-engine-4.3.10.1 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1825907 Environment:
Last Closed: 2020-06-04 15:04:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1825907    
Bug Blocks:    

Description RHV bug bot 2020-04-23 06:19:42 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1825907 +++
======================================================================

Description of problem:

An error is returned when trying to retrieve the OpenID userinfo

Version-Release number of selected component (if applicable):
4.3.9.4

How reproducible:
Always

Steps to Reproduce:
1. Get an access token from the API
~~~
token=$(curl -s -k -H 'Accept: application/json' "https://${engine}/ovirt-engine/sso/oauth/token?grant_type=password&scope=ovirt-app-api&username=admin@internal&password=redhat" | jq -r '.access_token')
~~~
2. Try to retrieve the OpenID userinfo:
~~~
curl -s -k -H "Accept: application/json" -H "Authorization: Bearer ${token}" "https://${engine}/ovirt-engine/sso/openid/userinfo?access_token=${token}"
~~~

Actual results:
{"error_description":"WELD-001437: Bean type class org.ovirt.engine.core.sso.utils.openid.OpenIdService is not proxyable because it is final - <unknown javax.enterprise.inject.spi.Bean instance>.","error":"server_error"}

Expected results:
Obtain the actual user information

Additional information:
The same request works in previous versions.

(Originally by Miguel Martin Villamuelas)
Comment 9 RHV bug bot 2020-04-23 06:20:01 UTC 
This is a clone candidate and ultimately a 4.4 bug entry. Do not add ZStream kw nor ack 4.3.z flag prior to cloning. 
No data loss - decreasing severity

(Originally by michal.skrivanek)
Comment 13 Martin Perina 2020-04-24 10:54:34 UTC 
Moving back to MODIFIED, not included in latest 4.3.10 build
Comment 15 Martin Perina 2020-04-24 12:48:30 UTC 
Moving back to MODIFIED, not included in latest 4.3.10 build
Comment 17 Petr Matyáš 2020-05-04 10:34:42 UTC 
Apparently still not included in the latest build.

Using ovirt-engine-4.3.10-0.2.el7.noarch this still fails with:
{"error_description":"WELD-001437: Bean type class org.ovirt.engine.core.sso.utils.openid.OpenIdService is not proxyable because it is final - <unknown javax.enterprise.inject.spi.Bean instance>.","error":"server_error"}
Comment 19 Petr Matyáš 2020-05-12 15:36:52 UTC 
Verified on ovirt-engine-4.1.11.2-0.1.el7.noarch

Now the request returns JSON Web Token and no errors.
Comment 20 Petr Matyáš 2020-05-12 15:37:38 UTC 
Wrong machine...ovirt-engine-4.3.10.1-0.1.master.el7.noarch
Comment 22 errata-xmlrpc 2020-06-04 15:04:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2396