Bug 1144018 - Plugin prompts for authentication of engine user
Summary: Plugin prompts for authentication of engine user
Keywords:
Status: CLOSED DUPLICATE of bug 1224616
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: rhsc-monitoring-uiplugin
Version: rhgs-3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Ramesh N
QA Contact: RHS-C QE
URL:
Whiteboard: gluster
Depends On: 1143041
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-09-18 13:09 UTC by Ramesh N
Modified: 2015-08-13 08:44 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1143041
Environment:
Last Closed: 2015-08-13 08:44:13 UTC
Embargoed:

Attachments (Terms of Use)

Description Ramesh N 2014-09-18 13:09:24 UTC 
+++ This bug was initially created as a clone of Bug #1143041 +++

Description of problem: Plugin prompt admin for password


Version-Release number of selected component (if applicable): 3.5


How reproducible: 


Steps to Reproduce:
1. Install plugin following instructions on http://www.ovirt.org/Features/Nagios_Integration#HOW_TO
2. Refresh webadmin
3. Click on trends tab

Actual results: User is prompted for authentication


Expected results: User should be automatically authenticated


Additional info:

--- Additional comment from Sahina Bose on 2014-09-18 01:41:56 EDT ---

SSO to be setup between ovirt-engine and nagios to address this.

--- Additional comment from  on 2014-09-18 07:36:03 EDT ---

"Auth required" screenshot mentions "ENGINE" so I assume this is related to UI plugin attempting to request Engine REST API.

I've discussed a similar issue with Ramesh (Gluster monitoring via Nagios UI plugin). Very likely, the problem is that UI plugin requests:

  /api/xxx

instead of:

  /ovirt-engine/api/xxx

Upon WebAdmin login, UI plugin infra acquires REST API session (represented by JSESSIONID cookie) for /ovirt-engine/api, so UI plugins must make sure to use /ovirt-engine/api in order for that cookie to be sent along request.

Long story short, maintainer of this UI plugin should ensure that requests are using /ovirt-engine/api prefix.

If the problem persists, please post browser network monitor logs for given request (auth popup is consequence of HTTP 401 request).

--- Additional comment from Ramesh N on 2014-09-18 09:06:11 EDT ---

This issue is because of using wrong api as in previous comment by vszocs. We should change the url to /ovirt-engine/api.
Comment 3 Pavithra 2014-11-24 09:50:06 UTC 
Hi Kanagaraj,

I see this bug in the 3.0.3 known issues tracker bug https://bugzilla.redhat.com/show_bug.cgi?id=1153907.
Can you please add the doc text?
Comment 4 Ramesh N 2014-12-08 06:04:33 UTC 
This bug is not reproducible in downstream. But as suggested in the upstream bz 1143041 we have to handle the rest API sessions properly. Hence keeping this bug open. 

We don't need to document this as known issue as customers are not impacted.
Comment 5 Vojtech Szocs 2015-01-07 11:59:42 UTC 
Just a reminder, please see this announcement from summer 2014: http://lists.ovirt.org/pipermail/devel/2014-July/008148.html

UI plugin REST session is acquired as *CSRF-protected* session, which means when talking with REST backend, you must also send "JSESSIONID" request header with value equal to one obtained via "RestApiSessionAcquired" callback function. If you don't do this, you will get "auth required" popup in the browser.

Other UI plugins had problems with this change too, and had to be adapted, for example OptaPlanner UI plugin that talks with REST: https://bugzilla.redhat.com/show_bug.cgi?id=1172978 (comment 1 + 2)
Comment 6 Sahina Bose 2015-08-13 08:44:13 UTC 
This bug was not reproducible in 3.0, but there was a regression in 3.1 and bug 1224616 was raised.

Hence closing this duplicate of that.

*** This bug has been marked as a duplicate of bug 1224616 ***
Note You need to log in before you can comment on or make changes to this bug.