Bug 1164788 - SSO to reports is broken in certain conditions
Summary: SSO to reports is broken in certain conditions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-webadmin-portal
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: 3.5.0
Assignee: Alexander Wels
QA Contact: movciari
URL:
Whiteboard: infra
Depends On:
Blocks: rhev35rcblocker
TreeView+ depends on / blocked
 
Reported: 2014-11-17 13:58 UTC by Shirly Radco
Modified: 2016-02-10 19:07 UTC (History)
11 users (show)

Fixed In Version: org.ovirt.engine-root-3.5.0-21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-17 17:08:31 UTC
oVirt Team: Infra
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 35047 None None None Never
oVirt gerrit 35268 ovirt-engine-3.5 MERGED userportal,webadmin: Proper reports SSO token Never

Description Shirly Radco 2014-11-17 13:58:29 UTC
Description of problem:

The SSO is broken is certain conditions.


Version-Release number of selected component (if applicable):
3.5

How reproducible:


Steps to Reproduce:

1. The user is ALREADY logged, when the host page is generated it sees the 
user is logged in already and it WILL put the SSO token in the host page, 
together with the user information. The token right now is the http session 
id.
2. The user is logged in automatically bypassing the login call and bypassing 
the SSOTokenChangeEvent from the XsrfRpcRequestBuilder. However the event is 
still fired from the contents of the host page, which are incorrect. At this 
point the SSO will NOT work correctly.

Actual results:
SSO is not working correctly


Expected results:
SSO should work in all cases

Additional info:

Comment 2 movciari 2015-01-13 16:45:03 UTC
could you provide some more detailed verification steps, please?

Comment 3 Alexander Wels 2015-01-13 16:51:35 UTC
Sure, the issue is basically the difference between a fresh login, vs an existing login when opening the web admin. So there are 2 things to verify:

1. When not logged in (aka the login page shows). Log into the webadmin and verify you can connect to the reports using the SSO.

2. When already logged in, refresh the browser (or open a new tab and go to the webadmin). The difference will be that you will see the login page grayed out for a second before the web admin shows up. Verify that you can connect to the reports using SSO.

Before 1 would work fine and 2 would not work because it had the wrong SSO token.

Comment 4 Eyal Edri 2015-02-17 17:08:31 UTC
rhev 3.5.0 was released. closing.


Note You need to log in before you can comment on or make changes to this bug.