Bug 1912387

| Summary: | [TOTP/RHSSO] - Two factor authentication while accepting missing parameters fails on authentication | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Omkar Khatavkar <okhatavk> |
| Component: | Authentication | Assignee: | Rahul Bajaj <rabajaj> |
| Status: | CLOSED NOTABUG | QA Contact: | Omkar Khatavkar <okhatavk> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.9.0 | CC: | mhulan, oezr, rabajaj |
| Target Milestone: | 6.9.0 | Keywords: | Triaged |
| Target Release: | Unused | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-02-02 11:33:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Omkar Khatavkar
2021-01-04 10:53:29 UTC
Created redmine issue https://projects.theforeman.org/issues/31698 from this bug

Hello,

After updating my hammer instance and hammer-cli-foreman instance, I was trying to reproduce the issue and it looks like everything is working fine.

```
[vagrant@centos7-hammer-devel hammer-cli-foreman]$ hammer auth login oauth --two-factor
Openidc Provider Token Endpoint: https://keycloak.example.org/auth/realms/hammer-cli/protocol/openid-connect/token
Openidc Provider Authorization Endpoint: https://keycloak.example.org/auth/realms/hammer-cli/protocol/openid-connect/auth
Client ID: rest-api-client
Redirect URI: urn:ietf:wg:oauth:2.0:oob
Enter URL in browser: https://keycloak.example.org/auth/realms/hammer-cli/protocol/openid-connect/auth?response_type=code&client_id=rest-api-client&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=openid
Code: f34f8433-65a8-4309-a989-a1b7d6483c92.26a4bf95-04e4-4886-9394-d993c2ddd694.319510a3-b275-415e-957a-53a3059b51e0
Successfully logged in as 'rabajaj'.
```

@Omkar can you test again, and if you are still facing the issue, please provide me with a reproducer.

Thank you,

Hello,

I just noticed the original issue raised, the steps mentioned:

```
hammer> auth login oauth
Openidc Provider Token Endpoint: https://rhsso.redhat.com/auth/realms/satqe/protocol/openid-connect/token
Client ID: satellite.redhat.com-foreman-openidc
Username: foobar
Password:
401 Unauthorized
```

Now, CAC card and TOTP are two-factor authentication methods and we support only two-factor authentication with RHSSO. The above steps are missing that parameter and therefore the issue. Even if you wish to not use the --two-factor method, you will have to use a user that does not have an OTP binding to it.

This is NOTABUG, I am closing this issue. If you think otherwise, feel free to open the BZ.

Thank you,