
Bug 1084136

Summary: SSO: Need to package sssd-dbus, mod_authnz_pam, mod_lookup_identity, mod_intercept_form_submit, ipa-server-foreman-smartproxy in Sat6 for external auth
Product: Red Hat Satellite
Reporter: Corey Welton <cwelton>
Component: Packaging
Assignee: Jason Montleon <jmontleo>
Status: CLOSED CURRENTRELEASE
QA Contact: Kedar Bidarkar <kbidarka>
Severity: high
Docs Contact:
Priority: unspecified
Version: Nightly
CC: bbuckingham, bkearney, jhrozek, jmontleo, jpazdziora, kbidarka, mgrepl, mkosek, mmccune, perobins, rcritten, stbenjam
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-09-11 12:22:16 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1080478, 1118327, 1118410
Bug Blocks: 1132859

Description Corey Welton 2014-04-03 17:03:37 UTC
Description of problem:
Per this URL, the following packages are required for external auth with kerb.

http://theforeman.org/manuals/1.4/index.html#5.7SPNEGOauthentication

Customers cannot be expected to download third-party RPMs in order to enable kerb.  This will need to be packaged with product.

Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140402.3

How reproducible:


Steps to Reproduce:
1.  Enable repos for Sat6
2.  yum install -y sssd-dbus mod_lookup_identity
3.  view results

Actual results:
No package sssd-dbus available.
No package mod_lookup_identity available.

Expected results:
Need to have these packages available in downstream product.

Additional info:

Comment 16 Jan Pazdziora (Red Hat) 2014-05-07 12:02:57 UTC
Provided Satellite 6.0 GA will be based on Foreman 1.5, mod_intercept_form_submit and mod_authnz_pam should also be included in Satellite 6 composes.

Comment 23 Martin Kosek 2014-05-14 08:54:00 UTC
As part of IPA/Identity Management integration, ipa-server-foreman-smartproxy package (builds are on the way) should be included in Satellite 6 product as well. Jason was fine with tracking the package in this bug, thus adding the package to the Bug title along with others.

Comment 42 Corey Welton 2014-08-14 21:15:21 UTC
Testing notes:  Pretty much just assure ^ packages get installed.

Comment 43 Kedar Bidarkar 2014-08-19 12:40:34 UTC
Verified with sat6-GA-snap5.


Dependencies Resolved

================================================================================
 Package                           Arch       Version            Repository
                                                                           Size
================================================================================
Installing:
 ipa-server-foreman-smartproxy     noarch     3.0.0-2.el6sat     sat6      28 k
 mod_authnz_pam                    x86_64     0.9.2-1.el6        sat6      12 k
 mod_intercept_form_submit         x86_64     0.9.7-1.el6        sat6      16 k
 mod_lookup_identity               x86_64     0.9.1-1.el6        sat6      17 k
 sssd-common                       x86_64     1.11.5.1-3.el6     sat6     840 k
     replacing  libsss_autofs.x86_64 1.9.2-129.el6
 sssd-dbus                         x86_64     1.11.5.1-3.el6     sat6     114 k
Installing for dependencies:
 python-sssdconfig                 noarch     1.11.5.1-3.el6     sat6     114 k
 sssd-ad                           x86_64     1.11.5.1-3.el6     sat6     153 k
 sssd-common-pac                   x86_64     1.11.5.1-3.el6     sat6     114 k
 sssd-ipa                          x86_64     1.11.5.1-3.el6     sat6     217 k
 sssd-krb5                         x86_64     1.11.5.1-3.el6     sat6     117 k
 sssd-krb5-common                  x86_64     1.11.5.1-3.el6     sat6     153 k
 sssd-ldap                         x86_64     1.11.5.1-3.el6     sat6     194 k
 sssd-proxy                        x86_64     1.11.5.1-3.el6     sat6     110 k
Updating for dependencies:
 libipa_hbac                       x86_64     1.11.5.1-3.el6     sat6      87 k
 libipa_hbac-python                x86_64     1.11.5.1-3.el6     sat6      82 k
 libsss_idmap                      x86_64     1.11.5.1-3.el6     sat6      92 k
 sssd                              x86_64     1.11.5.1-3.el6     sat6      82 k
 sssd-client                       x86_64     1.11.5.1-3.el6     sat6     129 k

======================================



Installed Packages

    candlepin-0.9.23-1.el6_5.noarch
    candlepin-common-1.0.1-1.el6_5.noarch
    candlepin-scl-1-5.el6_4.noarch
    candlepin-scl-quartz-2.1.5-5.el6_4.noarch
    candlepin-scl-rhino-1.7R3-1.el6_4.noarch
    candlepin-scl-runtime-1-5.el6_4.noarch
    candlepin-selinux-0.9.23-1.el6_5.noarch
    candlepin-tomcat6-0.9.23-1.el6_5.noarch
    createrepo-0.9.9-21.2.pulp.el6sat.noarch
    elasticsearch-0.90.10-4.el6sat.noarch
    katello-1.5.0-28.el6sat.noarch
    katello-ca-1.0-1.noarch
    katello-certs-tools-1.5.6-1.el6sat.noarch
    katello-installer-0.0.59-1.el6sat.noarch
    m2crypto-0.21.1.pulp-10.el6sat.x86_64
    mod_wsgi-3.4-1.pulp.el6sat.x86_64
    pulp-katello-0.3-3.el6sat.noarch
    pulp-nodes-common-2.4.0-0.30.beta.el6sat.noarch
    pulp-nodes-parent-2.4.0-0.30.beta.el6sat.noarch
    pulp-puppet-plugins-2.4.0-0.30.beta.el6sat.noarch
    pulp-puppet-tools-2.4.0-0.30.beta.el6sat.noarch
    pulp-rpm-plugins-2.4.0-0.30.beta.el6sat.noarch
    pulp-selinux-2.4.0-0.30.beta.el6sat.noarch
    pulp-server-2.4.0-0.30.beta.el6sat.noarch
    python-gofer-qpid-1.3.0-1.el6sat.noarch
    python-isodate-0.5.0-1.pulp.el6sat.noarch
    python-kombu-3.0.15-12.pulp.el6sat.noarch
    python-pulp-bindings-2.4.0-0.30.beta.el6sat.noarch
    python-pulp-common-2.4.0-0.30.beta.el6sat.noarch
    python-pulp-puppet-common-2.4.0-0.30.beta.el6sat.noarch
    python-pulp-rpm-common-2.4.0-0.30.beta.el6sat.noarch
    python-qpid-0.22-14.el6sat.noarch
    python-qpid-qmf-0.22-37.el6.x86_64
    qpid-cpp-client-0.22-42.el6.x86_64
    qpid-cpp-server-0.22-42.el6.x86_64
    qpid-cpp-server-linearstore-0.22-42.el6.x86_64
    qpid-java-client-0.22-6.el6.noarch
    qpid-java-common-0.22-6.el6.noarch
    qpid-proton-c-0.7-1.el6.x86_64
    qpid-qmf-0.22-37.el6.x86_64
    qpid-tools-0.22-12.el6.noarch
    ruby193-rubygem-katello-1.5.0-82.el6sat.noarch
    rubygem-hammer_cli_katello-0.0.4-12.el6sat.noarch
    rubygem-smart_proxy_pulp-1.0.0-1.1.el6sat.noarch

Comment 44 Jan Pazdziora (Red Hat) 2014-08-19 13:02:58 UTC
Could you please also verify on RHEL 7?

Comment 45 Kedar Bidarkar 2014-08-20 13:58:25 UTC
Needs testing of Sat6 running on RHEL7

Comment 46 Kedar Bidarkar 2014-08-20 16:10:17 UTC
Verified on RHEL7 too, we now have all the packages mentioned in the bug summary in sat6 compose and no external packages are being used.


==============================================================================================================================================================================================
 Package                                                Arch                            Version                                             Repository                                   Size
==============================================================================================================================================================================================
Installing:
 ipa-server-foreman-smartproxy                          noarch                          3.0.0-2.el7sat                                      katello                                      29 k
 mod_authnz_pam                                         x86_64                          0.9.3-1.el7                                         katello                                      13 k
 mod_intercept_form_submit                              x86_64                          0.9.8-2.el7                                         katello                                      18 k
 mod_lookup_identity                                    x86_64                          0.9.2-1.el7                                         katello                                      19 k
 sssd-dbus                                              x86_64                          1.12.0-1.el7                                        katello                                     117 k

Comment 47 Stephen Benjamin 2014-08-22 08:03:51 UTC
Why is ipa-server-foreman-smartproxy included here?

This is NOT the Foreman Smart Proxy for Realm, which is part of the foreman-proxy package.  This has also not gone through any QE process.

Comment 48 Stephen Benjamin 2014-08-22 08:04:45 UTC
Rob, can you comment on the status of your proxy? I thought it wasn't ready due to SSL issues and such with CherryPy?

I also don't think it should go into the Satellite 6 repo, as you'll end up needing a Satellite 6 subscription for the IPA server.

Comment 49 Martin Kosek 2014-09-01 11:15:20 UTC
Note that there was an off-list discussion, we agreed that our version of the smartproxy package should not be used and we should instead live with the native proxy made by Stephen.

Rob already filed RFE Bugzillas for features that were present in IPA proxy and missing in Satellite native proxy.

Comment 50 Bryan Kearney 2014-09-11 12:22:16 UTC
This was delivered with Satellite 6.0 which was released on 10 September 2014.