Bug 2049814

Summary: Tech Preview multicluster feature causes auth redirect loop on first login to managed cluster after upgrade
Product: OpenShift Container Platform Reporter: Jon Jackson <jonjacks>
Component: Management ConsoleAssignee: Jon Jackson <jonjacks>
Status: CLOSED DUPLICATE QA Contact: Yadan Pei <yapei>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.10CC: aos-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-14 15:08:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Jackson 2022-02-02 18:12:17 UTC 
REPRODUCING THIS BUG REQUIRES ENABLING TECH PREVIEW FEATURES ON THE TARGET CLUSTER, WHICH IS AN IRREVERSIBLE ACTION, WILL DISABLE CLUSTER UPGRADES, AND NULLS RED HAT SUPPORT OF THE CLUSTER. ONLY ATTEMPT TO REPRODUCE THIS BUG ON A DEVELOPMENT CLUSTER WHERE THE ABOVE LIMITATIONS ARE ACCEPTABLE.

Description of problem:
Multicluster tech preview - first login to managed cluster causes an auth redirect loop if old cookies have not been clear after updating from 4.9 t o4.10

Version-Release number of selected component (if applicable):
4.10

How reproducible:
Almost always



Steps to Reproduce:
1. Log in to the console of a 4.9 or older cluster
2. Upgrade the same cluster to 4.10 (either through the web UI or CLI)
3. Install ACM 2.5+
4. Import or provision a managed cluster through ACM

**STEP 5 IS IRREVERSIBLE, WILL DISABLE CLUSTER UPGRADES AND MAKE THE CLUSTER UNSUPPORTED. PROCEED WITH CAUTION**

5. Enable the multicluster tech preview by adding "TechPreviewNoUpgrade" to featuregate.config.openshift.io/cluster spec.featureSet property.
6. Make sure you use the same browser as step 1 and do not use a new incognito window or clear cookies. We need to preserve the cookies that were created when logging into the 4.9 console. Give the console operator time to re-deploy the console with the multicluster config and then refresh the browser. You should eventually see the cluster switcher appear with the imported/provisioned cluster from step 4 shown (granted the cluster is available).
7. Select the managed cluster from the cluster dropdown
8. Log in to the managed cluster

Actual results:
The user enters an auth redirect loop

Expected results:
The user should successfully authenticate to the managed cluster and be redirected to the web console.


Additional info:
This is a known issue with a work-around. Clearing old cookies from the browser that was used to log into the cluster pre-update resolves the issue.
Comment 1 Jon Jackson 2022-04-14 15:08:41 UTC 

*** This bug has been marked as a duplicate of bug 2052644 ***