Bug 1842233

Summary: [NooBaa Login] User is led to account-based login form instead of SSO
Product: [Red Hat Storage] Red Hat OpenShift Container Storage Reporter: Ben Eli <belimele>
Component: Multi-Cloud Object GatewayAssignee: Ohad <omitrani>
Status: CLOSED ERRATA QA Contact: Ben Eli <belimele>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.5CC: assingh, ebenahar, ebondare, etamir, nbecker, ocs-bugs
Target Milestone: ---Keywords: Regression
Target Release: OCS 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 4.5.0-460.ci Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-15 10:17:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Eli 2020-05-31 08:59:45 UTC 
Description of problem (please be detailed as possible and provide log
snippests):
I'm trying to enter the NooBaa management console.
In the OpenShift web UI, when going to Home -> Overview ->  Object Service tab -> `noobaa` link (under System Name), I'm led to a NooBaa account-based login, instead of the regular SSO page.
The only way to log in is to check the `noobaa-admin` secret for the credentials 

Version of all relevant components (if applicable):
OCP 4.5.0-0.nightly-2020-05-30-025738
ocs-operator.v4.5.0-439.ci
NooBaa 5.5.0-f805927


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
No

Is there any workaround available to the best of your knowledge?
Yes - run `oc get secret noobaa-admin -o yaml`, decode the `email` and `password` fields from base64, and log in by using them

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Can this issue reproducible?
Did not check

Can this issue reproduce from the UI?
NA

If this is a regression, please provide more details to justify this:
Yes, up until now, SSO was used to enter the NooBaa management console, now the regular login form is shown instead

Steps to Reproduce:
1. Enter the OpenShift web UI
2. Click on the `noobaa` link under the `Object Service` tab 
3. Encounter the login form


Actual results:
Account-based login form is shown

Expected results:
SSO login form is shown
Comment 3 Ohad 2020-05-31 09:12:28 UTC 
Hi Ben,
Can you please attach a must gather for the environment where the bug manifests
Comment 6 Ohad 2020-05-31 12:13:48 UTC 
Hi Ben

In order to find the OAuth server endpoints (which we are using for authentication), the noobaa operator is trying to read 
https://openshift.default.svc/.well-known/oauth-authorization-server

The logs show that in this specific cluster it fails because of a certificate error 
x509: certificate signed by unknown authority" sys=openshift-storage/noobaa
which we never encountered before. 

Can you tell me more about the environment, What is different about this cluster?
Comment 9 Nimrod Becker 2020-06-09 08:42:09 UTC 
*** Bug 1843885 has been marked as a duplicate of this bug. ***
Comment 10 Ohad 2020-06-10 16:10:42 UTC 
A PR with a fix was issued to the upstream project (See links section)
Comment 14 Ben Eli 2020-07-19 13:44:25 UTC 
SSO is working once more; The NooBaa login dialog isn't shown.
Verified.
OCS v4.5.0-493.ci
OCP v4.5.0-0.nightly-2020-07-18-024505
Comment 16 errata-xmlrpc 2020-09-15 10:17:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Container Storage 4.5.0 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3754