Description of problem: The SSO is broken is certain conditions. Version-Release number of selected component (if applicable): 3.5 How reproducible: Steps to Reproduce: 1. The user is ALREADY logged, when the host page is generated it sees the user is logged in already and it WILL put the SSO token in the host page, together with the user information. The token right now is the http session id. 2. The user is logged in automatically bypassing the login call and bypassing the SSOTokenChangeEvent from the XsrfRpcRequestBuilder. However the event is still fired from the contents of the host page, which are incorrect. At this point the SSO will NOT work correctly. Actual results: SSO is not working correctly Expected results: SSO should work in all cases Additional info:
could you provide some more detailed verification steps, please?
Sure, the issue is basically the difference between a fresh login, vs an existing login when opening the web admin. So there are 2 things to verify: 1. When not logged in (aka the login page shows). Log into the webadmin and verify you can connect to the reports using the SSO. 2. When already logged in, refresh the browser (or open a new tab and go to the webadmin). The difference will be that you will see the login page grayed out for a second before the web admin shows up. Verify that you can connect to the reports using SSO. Before 1 would work fine and 2 would not work because it had the wrong SSO token.
rhev 3.5.0 was released. closing.