Bug 1035472 - Enabling sign out feature for users
Summary: Enabling sign out feature for users
Keywords:
Status: CLOSED DUPLICATE of bug 1059798
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 1.2.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: ---
Assignee: Luke Meyer
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks: 1021658
Reported: 2013-11-27 21:14 UTC by Eric Rich
Modified: 2019-02-15 13:35 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-04 19:18:19 UTC
Target Upstream Version:


Links:
Red Hat Knowledge Base (Solution) 447263 (Private: 0; Priority: None; Status: None; Summary: None; Last Updated: Never)

Description Eric Rich 2013-11-27 21:14:24 UTC
Description of problem:

There is no logout option for users on the OpenShift Console. If I enable LDAP authentication and set the DISABLE_USER to true there is no sign-out option.

It looks like there is some thought given to expanding upon or providing this in: 
https://trello.com/c/lePEOdOD/12-3-enterprise-allow-logout-link-to-be-configured

However, I cannot find any documentation on the DISABLE_USER directive, or how to enable a logout / sign out feature.

The closest thing I can find to us providing such a feature is with https://bugzilla.redhat.com/show_bug.cgi?id=903506 and https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/1/html/1.1_Release_Notes/sect-OpenShift_Enterprise-1.1_Release_Notes-Known_Issues-Management_Console.html

However, this was closed as it was specific to IE and Safari's mode of operation.

Comment 2 Luke Meyer 2014-01-02 15:18:02 UTC
In Origin, as far as I know, there is no sign-out option either. For Online, the auth mechanism goes through other Red Hat services that solve the problem.

Under OSE 1.0/1.1, code was added to the console with a hacked-in method of "logging out" that would reset basic authentication, but didn't work so well under some browsers. It may not be too difficult to hack that in again for 1.2 and 2.0. I think we just lost it in the rebase and didn't prioritize it.

Alternatively, we could do this the right way, which to my way of thinking is something like: at first login on the console, obtain an auth token from the broker REST API, then put that in a cookie and use it until it expires or the user clicks on logout (when we can just rewrite the cookie). The problem with the current method is that the user/pass are being used each time to auth with the REST API and we don't really want to put that in a cookie or store them anywhere. With the auth token it would be a pretty sane approach, but it's a bit of structural change and I doubt it would be considered a priority to backport.

I created a public Trello card for this at https://trello.com/c/CILtbHLX/142-mgmt-console-cookie-based-auth-and-logout
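
The token-in-cookie flow that comment 2 describes, as an added Ruby example (not code from OpenShift or from anyone on this bug). `FakeBroker`, the `console_auth` cookie name and the cookie flags are assumptions for illustration, and the server-side revocation on logout goes one step beyond the cookie rewrite mentioned in the comment.

```ruby
require "securerandom"

# Hypothetical stand-in for the broker's token endpoint (not the real REST API).
class FakeBroker
  def initialize(users, ttl:)
    @users, @ttl, @tokens = users, ttl, {}
  end
  # Exchange user/password for an opaque, expiring token; done once at login.
  def issue_token(user, password, now: Time.now)
    return nil unless @users[user] == password # constructed check for the demo
    token = SecureRandom.hex(32)
    @tokens[token] = { user: user, expires_at: now + @ttl }
    token
  end
  # Resolve a token to its user; nil when unknown, revoked or expired.
  def user_for(token, now: Time.now)
    entry = @tokens[token]
    entry && now < entry[:expires_at] ? entry[:user] : nil
  end
  def revoke(token); @tokens.delete(token); end
end

# Console side: the password is used once; only the token reaches the cookie.
class ConsoleSession
  COOKIE = "console_auth" # hypothetical cookie name
  FLAGS  = "Path=/; Secure; HttpOnly; SameSite=Strict"
  def initialize(broker)
    @broker = broker
  end
  # Returns a Set-Cookie value on success, nil on bad credentials.
  def login(user, password, now: Time.now)
    token = @broker.issue_token(user, password, now: now)
    token && "#{COOKIE}=#{token}; #{FLAGS}"
  end
  # Authenticate a later request from its Cookie header alone.
  def current_user(cookie_header, now: Time.now)
    @broker.user_for(token_from(cookie_header), now: now)
  end
  # Logout: revoke server-side, then overwrite the cookie with an expired one.
  def logout(cookie_header)
    @broker.revoke(token_from(cookie_header))
    "#{COOKIE}=; Max-Age=0; #{FLAGS}"
  end
  # Accept only a well-formed 64-hex-character token for our cookie name.
  def token_from(cookie_header)
    cookie_header.to_s[/(?:\A|;\s*)#{COOKIE}=(\h{64})(?=;|\z)/, 1]
  end
end
```

Because the token is revoked at the broker as well as cleared in the browser, a copy of the cookie captured before logout stops working too.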

Comment 3 Brenton Leanhardt 2014-02-04 19:19:36 UTC

*** This bug has been marked as a duplicate of bug 1059798 ***

