Bug 1835853
| Summary: | No user authentication type in web ui | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Leonid Kanter <leon> | ||||
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | --- | CC: | amore, frenaud, ksiddiqu, pasik, rcritten, ssidhaye, stsymbal, tscherf, twoerner | ||||
| Target Milestone: | rc | Flags: | stsymbal:
needinfo?
|
||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-11-09 18:21:53 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Issue can be reproduced. Moreover, if the user auth type is modified in the WebGUI (for instance select Radius, click on "save", then navigate to a different page), the GUI warns "This page has unsaved changes. Please save or revert." even though the user entry has been updated and the change is visible in LDAP / ipa user-show. Password reset and enable/disable actions also don't work from WebUI. Some more details are needed about the issue: 1) How do you perform the upgrade system from 7.7 to 7.8? 2) Is there any error in browser console (F12 -> Console) after user profile open? I was able to reproduce in May (see #c2) but not anymore. The issue may also be linked to the browser version as I updated firefox in the meantime (no issue today with firefox 77.0.1-2.fc31). Leonid, which browser are you using? To Serhii Tsymballiuk: 1. yum update, no errors in /var/log/ipaupgrade.log 2. no errors To Florence Blanc-Renaud: I'm still able to reproduce it in Firefox-77.0.1 (fc33) and Chrome 83.0.4103.116 Hi Leonid, my question may seem completely unrelated, but is your topology CA-less? There is an issue with displaying the data in the WebGUI in CA-less servers (https://pagure.io/freeipa/issue/8203), that may explain this behavior. Hello Florence, Yes, my topology is CA-less. It was initially installed with Codero CA certificates, then switched to Letsencrypt. Seems this is the issue. Upstream ticket: https://pagure.io/freeipa/issue/8203 Leonid, thanks for the confirmation. I am linking the BZ with the upstream ticket. There are discussions in the upstream PR https://github.com/freeipa/freeipa/pull/4831 on the proper way to handle the issue. Hi Florian, If I run ipa-ca-install and add CA - will it fix the problem? Hi Leonid, yes, installing the CA role with ipa-ca-install will fix the problem. Please note that running this command will configure a Certificate Authority in IdM, and you will later be able to issue certificates signed by this IPA CA, *BUT* it won't replace your existing server certificates (httpd/LDAP/pkinit). The existing httpd/LDAP/pkinit certificates also won't be tracked by certmonger and you will still need to manually track their expiry and replace them when they expire. Thank you taking your time and submitting this request for Red Hat Enterprise Linux 7. Unfortunately, this bug cannot be kept even as a stretch goal and was postponed to RHEL8. The issue was fixed in cert plugin: https://pagure.io/freeipa/c/32c64a78cef499c05e4ffa71d033692571297dca Since it is old fix it is already in older FreeIPA version branches. So no backport is needed in upstream. Verified using nightly: (A) test-result.txt.gz webui test_enabled_by_default from test_user.py::test_user ============================= test session starts ============================== test_webui/test_user.py::test_user::test_enabled_by_default PASSED [ 72%] (B) runner.log 2021-07-30T10:04:34+0000 ok: [master.testrelm.test] => (item=ipa-server) => 2021-07-30T10:04:34+0000 msg: 2021-07-30T10:04:34+0000 - arch: x86_64 2021-07-30T10:04:34+0000 epoch: null 2021-07-30T10:04:34+0000 name: ipa-server 2021-07-30T10:04:34+0000 release: 4.module+el8.5.0+11912+1b4496cf 2021-07-30T10:04:34+0000 source: rpm 2021-07-30T10:04:34+0000 version: 4.9.6 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4230 |
Created attachment 1688516 [details] Web UI screenshot Description of problem: IPA Web UI doesn't show status of user authentication types (Password, RADIUS or Two factor) Version-Release number of selected component (if applicable): 4.6.6-11.el7 How reproducible: always (reproduced on two servers) Steps to Reproduce: 1. open some user profile, verify that check mark is set on OTP 2. upgrade system from 7.7 to 7.8 3. open profile of the same user Actual results: Checkmark is missing, all three checkboxes are empty Expected results: Check mark is present Additional info: cli command "ipa show-user" show correct user authentication type $ ipa user-show username User authentication types: otp