Bug 1164300 – [RFE][AAA] Allow browser to save credentials for User Portal

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1164300 - [RFE][AAA] Allow browser to save credentials for User Portal

Summary:	[RFE][AAA] Allow browser to save credentials for User Portal

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	RFEs (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	ovirt-4.0.0-rc
Target Release:	4.0.0
Assigned To:	Ravi Nori
QA Contact:	Pavel Novotny
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:	ovirt-aaa-sso
	Show dependency tree / graph

Reported:	2014-11-14 10:26 EST by Tim Speetjens
Modified:	2016-08-23 16:21 EDT (History)
CC List:	13 users (show)

See Also:	1164302
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	With this release, the user's browser setting for saving user names and passwords will be used for the User Portal login screen.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-08-23 16:21:50 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2016:1743	normal	SHIPPED_LIVE	Red Hat Virtualization Manager 4.0 GA Enhancement (ovirt-engine)	2016-09-02 17:54:01 EDT

Groups: None (edit)

Description Tim Speetjens 2014-11-14 10:26:43 EST

Users expect the browser to propose to cache credentials, however, this functionality does not work when logging into the RHEV User Portal.

Comment 5 Yaniv Kaul 2016-06-07 10:18:14 EDT

1. This is actually a security issue - but I assume if customers do not want this, they can turn off it on the browser side - so I assume we do not need on our side the ability to turn on or off this.
2. It seems to be working (on 4.0) already for the admin portal - so is it just fixing the user portal?

Comment 6 Martin Perina 2016-06-07 10:25:06 EDT

(In reply to Yaniv Kaul from comment #5)
> 1. This is actually a security issue - but I assume if customers do not want
> this, they can turn off it on the browser side - so I assume we do not need
> on our side the ability to turn on or off this.

I agree, but during SSO refactoring we changed login screen, so it conforms to current practise. So browser will ask a user to store the password or even fill-in stored password depending on user's browser configuration.

> 2. It seems to be working (on 4.0) already for the admin portal - so is it
> just fixing the user portal?

It was not possible to store password for both in 3.x, but in 4.0 storing password is available for both.

Comment 7 Ravi Nori 2016-06-07 10:46:38 EDT

This is fixed as part of SSO work in 4.0, the browser setting for saving user name and password will be used for the login screen.

Comment 8 Martin Perina 2016-06-13 10:09:22 EDT

Merged long time ago and definitely part of 4.0.0.4 build

Comment 9 Pavel Novotny 2016-07-15 12:46:42 EDT

Verified in rhevm-4.0.2-0.2.rc1.el7ev.noarch.

Browsers now offer the user to save credentials for the SSO login page.
For details see bug 1164302 comment 9.

Comment 11 errata-xmlrpc 2016-08-23 16:21:50 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-1743.html

Note You need to log in before you can comment on or make changes to this bug.