Bug 966525

Summary: [rhevm-reports] Webadmin Reports Menu - SSO doesnt work, Reports Requires manually login
Product: Red Hat Enterprise Virtualization Manager Reporter: David Botzer <dbotzer>
Component: ovirt-engine-reportsAssignee: Vojtech Szocs <vszocs>
Status: CLOSED CURRENTRELEASE QA Contact: David Botzer <dbotzer>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: acathrow, alkaplan, dyasny, ecohen, hateya, iheim, pstehlik, Rhev-m-bugs, sgrinber, vszocs, ykaul, ylavi
Target Milestone: ---   
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ux
Fixed In Version: sf17.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 970623    
Attachments:
Description Flags
logs
none
br9-exception
none
jasp-local
none
jasp-remote none

Description David Botzer 2013-05-23 12:17:52 UTC 
Created attachment 752175 [details]
logs

Description of problem:
SSO doesnt work - when I open a report via webadmin I gget login page.
I have cleaned the Browser cache before using it,

Version-Release number of selected component (if applicable):
3.2/sf17.1

How reproducible:
always

Steps to Reproduce:
1.install rhevm+dwh+reports
2.create entities
3.Open any report via webadmin

Actual results:
1. Reaches login page in Reports Portal,

2. After I login manully, when setup is less than 2H the Report gives exception.

Expected results:
should autologin to report, an  no exceptions

Additional info:
logs
Comment 1 David Botzer 2013-05-23 12:19:15 UTC 
Created attachment 752176 [details]
br9-exception
Comment 2 Oved Ourfali 2013-05-23 13:23:02 UTC 
The error is:
---------------------------------------------------------------------------------
The server has encountered an error. Please excuse the inconvenience.
Error Message

java.lang.IllegalArgumentException: An id is required to lookup a FlowDefinition
Error Trace
---------------------------------------------------------------------------------

Which doesn't say anything about an authentication issue... iirc this kind of errors are "logical" and not related to that.

Yaniv - am I right?
David - can you attach complete jasper + ovirt logs, rather than just an error?

T
Comment 3 Yaniv Lavi 2013-05-23 13:25:07 UTC 
This error happened after he logged in with rhevm-admin instead of sso, so this error is not really related. 



Yaniv
Comment 4 David Botzer 2013-05-23 13:31:02 UTC 
Created attachment 752205 [details]
jasp-local
Comment 5 David Botzer 2013-05-23 13:32:23 UTC 
Created attachment 752206 [details]
jasp-remote
Comment 6 Oved Ourfali 2013-05-23 14:46:21 UTC 
The session validation is done using a servlet, posting the session ID of the engine.

From doing some tests using wget, I see that when I do http GET to the servlet, passing the sessionID in the URL, it works well.
However, when using http POST (using wget -X POST), and passing the data in the body, it fails with error 500.

The component we use in the reports server to call the session validation is also using HTTP POST.

That's weird, as it worked well in the past.
We can workaround it by using HTTP GET when calling the session validation (assuming that it would work in the code like it works using wget), or further investigate in order to understand why it suddenly stopped working (as it did work in the past, and no were made for months now to the SSO mechanism).
Comment 7 Oved Ourfali 2013-05-23 15:03:51 UTC 
My mistake.
Used wget instead of curl by accident.
Continue investigating.
Comment 9 Einav Cohen 2013-05-24 19:08:17 UTC 
- the JSESSISOID "root" cookie was introduced with the docs redirection servlet (see bug 885823)

- it was used in order to save a preference-per-session on the server side.

- problem is that if there are two cookies with the same name under the same domain, the "root" one takes precedence.

- solution would be to save that DocsServlet's preference-per-session on a client-side session-cookie, eliminating the DocsServlet's need for a root JSESSIONID cookie.
Comment 10 Vojtech Szocs 2013-05-24 19:24:27 UTC 
See upstream patch commit message for details on the root cause of this issue.
Comment 11 Vojtech Szocs 2013-05-27 11:03:24 UTC 
Added one more u/s & d/s patch to make sure relevant cookies are explicitly scoped to "/" (root) context URL.
Comment 12 David Botzer 2013-05-29 13:09:10 UTC 
Fixed, 3.2/sf17.3
Webadmin Dashboards, and reports portal via webadmin (SSO)
works correct,
Fixed, 3.2/sf17.3
Comment 13 Itamar Heim 2013-06-11 09:43:49 UTC 
3.2 has been released
Comment 14 Itamar Heim 2013-06-11 09:43:54 UTC 
3.2 has been released
Comment 15 Itamar Heim 2013-06-11 09:55:15 UTC 
3.2 has been released