Bug 1011058 - [Admin Portal] Relogin with username/password via login screen after being automatically logged off causes HTTP auth dialog
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-webadmin-portal
Severity: high
: 3.4.0
Assigned To: vszocs
Jiri Belka
: 1036215
Blocks: GSS_RHEV_33_BETA 1032533
Reported: 2013-09-23 10:41 EDT by Jiri Belka
Modified: 2014-06-12 10:11 EDT
Fixed In Version: ovirt-3.4.0-beta1
Doc Type: Bug Fix
Type: Bug

Attachments
engine.log, ssl_access_log, ssl_request_log (800.00 KB, application/x-tar)
2013-09-23 10:41 EDT, Jiri Belka
screenshot (267.69 KB, image/png)
2013-09-23 10:42 EDT, Jiri Belka

External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 20404 None None None Never

Description Jiri Belka 2013-09-23 10:41:29 EDT
Created attachment 801684
engine.log, ssl_access_log, ssl_request_log

Description of problem:
Relogin with username/password (admin@internal) via the usual RHEVM login screen after being automatically logged off causes an HTTP authentication dialog to appear.

Closing this HTTP authentication dialog with 'Cancel' brings up the valid Administration Portal UI again. I did not need to type anything in the HTTP auth dialog, just 'Cancel'; I was logged in via the normal RHEVM login page anyway.

The appearance of the HTTP auth dialog is odd and confusing.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. log in to Admin Portal
2. let the app automatically log you off
3. type credentials again

Actual results:
HTTP auth dialog blocking loading of Admin portal UI

Expected results:
no such HTTP auth dialog should appear

Additional info:
I was relogging around cca 16:21 IIRC
Comment 1 Jiri Belka 2013-09-23 10:42:24 EDT
Created attachment 801685
Comment 3 vszocs 2013-10-09 08:53:12 EDT
OK, I've tried to reproduce this bug in the following scenarios (3 times each):

A1. Log into WebAdmin
A2. Wait long enough so that Engine user session will be invalidated
A3. WebAdmin login screen appears
A4. Log into WebAdmin

B1. Log into WebAdmin
B2. Stop Engine service and wait some time
B3. Start Engine service
B4. WebAdmin login screen appears
B5. Log into WebAdmin

I didn't encounter "Authentication Required" popup at all. I guess this has something to do with Engine config/infra?

Looking at engine.log around 16:21 - I see two logical operations:

1. WebAdmin GUI login [OK]
DEBUG [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/ IsUserAutorizedToRunAction: Login - no permission check
DEBUG [org.ovirt.engine.core.bll.adbroker.LdapBrokerBase] (ajp-/ RunAdAction Entry, actionType=AuthenticateUser
DEBUG [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/ Found permission 97c0963b-a7bf-4b6a-8e05-1a449c9d330e for user when running LoginAdminUser, on Bottom with id bbb00000-0000-0000-0000-123456789bbb
DEBUG [org.ovirt.engine.core.bll.MultiLevelAdministrationHandler] (ajp-/ LoginAdminUser: User logged to admin using role SuperUser
DEBUG [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/ Checking if user admin@internal is an admin, result true
INFO  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/ Running command: LoginAdminUserCommand internal: false.
INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/ Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal logged in.

2. REST API create session [FAIL]
DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-/ Calling ValidateSession
DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-/ Input session ID is: 8f076fa4-9c73-4509-a0fa-11bbb0237440
DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-/ Didn't find session user
DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-/ ValidateSession ended
INFO  [org.ovirt.engine.api.restapi.security.auth.LoginValidator] (ajp-/ Validating session failed, reason: Session does not exist.

So operation 2. failed on "Session does not exist" - I'll have to investigate a bit more.
Comment 4 vszocs 2013-10-10 11:18:00 EDT
Scratch my last comment, I was able to reliably reproduce this issue after all.

In case the REST API session is alive and the Engine session is dead (timeout due to user inactivity), after WebAdmin GUI login, two regressions occur:
- web browser unconditionally shows "Authorization Required" popup upon HTTP 401 response
- response doesn't contain JSESSIONID header, which breaks UI Plugin REST API integration

Working on a fix.
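
Added example, not part of the bug thread or of oVirt's code: a log-triage helper that flags the pattern identified in Comments 3 and 4, a successful WebAdmin login followed shortly by a REST API "Session does not exist" validation failure. The timestamp and thread prefix layout, the 30-second window, the function name and the sample lines (built from the messages quoted above) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed engine.log layout: "<date> <time>,<ms> LEVEL [logger] (thread) message".
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\s+"
    r"(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<msg>.*)$"
)
LOGIN = re.compile(r"User (?P<user>\S+) logged in\.")
SESSION_ID = re.compile(r"Input session ID is: (?P<sid>[0-9a-f-]{36})")
FAILED = "Validating session failed, reason: Session does not exist."


def find_stale_rest_sessions(lines, window=timedelta(seconds=30)):
    """Return (user, login_time, session_id, failure_time) for each REST
    session validation failure seen within `window` after a GUI login."""
    findings = []
    last_login = None   # (user, timestamp) of the most recent GUI login
    last_sid = None     # session ID most recently passed to ValidateSession
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack traces, continuation lines, blanks
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        if (login := LOGIN.search(msg)):
            last_login = (login["user"], ts)
        elif (sid := SESSION_ID.search(msg)):
            last_sid = sid["sid"]
        elif FAILED in msg:
            # A failure long after any login is an ordinary expired session.
            if last_login and ts - last_login[1] <= window:
                findings.append((last_login[0], last_login[1], last_sid, ts))
            last_sid = None
    return findings


# Constructed sample: timestamps and thread names are invented for illustration.
SAMPLE = """\
2013-09-23 16:21:05,101 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-sample-1) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal logged in.
2013-09-23 16:21:06,200 DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-sample-2) Input session ID is: 8f076fa4-9c73-4509-a0fa-11bbb0237440
2013-09-23 16:21:06,201 DEBUG [org.ovirt.engine.core.bll.ValidateSessionQuery] (ajp-sample-2) Didn't find session user
2013-09-23 16:21:06,203 INFO  [org.ovirt.engine.api.restapi.security.auth.LoginValidator] (ajp-sample-2) Validating session failed, reason: Session does not exist.
2013-09-23 16:40:00,000 INFO  [org.ovirt.engine.api.restapi.security.auth.LoginValidator] (ajp-sample-3) Validating session failed, reason: Session does not exist.
""".splitlines()

if __name__ == "__main__":
    for finding in find_stale_rest_sessions(SAMPLE):
        print(finding)
```
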
Comment 5 Einav Cohen 2013-10-16 11:20:16 EDT
workaround is fairly easy - close the browser (entirely, i.e. all browser's windows that are opened in the client) and re-open it.
[brand new sessions will be created, so problem should disappear].
reducing severity to 'high'.
Comment 7 Einav Cohen 2013-12-11 08:43:17 EST
*** Bug 1036215 has been marked as a duplicate of this bug. ***
Comment 8 Jiri Belka 2014-03-12 10:29:32 EDT
ok, rhevm-backend-3.4.0-0.3.master.el6ev.noarch

cannot reproduce with UserSessionTimeOutInterval=1.
Comment 9 Itamar Heim 2014-06-12 10:11:48 EDT
Closing as part of 3.4.0
