Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1164788

Summary: SSO to reports is broken in certain conditions
Product: Red Hat Enterprise Virtualization Manager Reporter: Shirly Radco <sradco>
Component: ovirt-engine-webadmin-portalAssignee: Alexander Wels <awels>
Status: CLOSED CURRENTRELEASE QA Contact: movciari
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: awels, ecohen, gklein, iheim, lsurette, oourfali, pstehlik, rbalakri, Rhev-m-bugs, scohen, yeylon
Target Milestone: ---   
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: org.ovirt.engine-root-3.5.0-21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-17 17:08:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1164308    

Description Shirly Radco 2014-11-17 13:58:29 UTC 
Description of problem:

The SSO is broken is certain conditions.


Version-Release number of selected component (if applicable):
3.5

How reproducible:


Steps to Reproduce:

1. The user is ALREADY logged, when the host page is generated it sees the 
user is logged in already and it WILL put the SSO token in the host page, 
together with the user information. The token right now is the http session 
id.
2. The user is logged in automatically bypassing the login call and bypassing 
the SSOTokenChangeEvent from the XsrfRpcRequestBuilder. However the event is 
still fired from the contents of the host page, which are incorrect. At this 
point the SSO will NOT work correctly.

Actual results:
SSO is not working correctly


Expected results:
SSO should work in all cases

Additional info:
Comment 2 movciari 2015-01-13 16:45:03 UTC 
could you provide some more detailed verification steps, please?
Comment 3 Alexander Wels 2015-01-13 16:51:35 UTC 
Sure, the issue is basically the difference between a fresh login, vs an existing login when opening the web admin. So there are 2 things to verify:

1. When not logged in (aka the login page shows). Log into the webadmin and verify you can connect to the reports using the SSO.

2. When already logged in, refresh the browser (or open a new tab and go to the webadmin). The difference will be that you will see the login page grayed out for a second before the web admin shows up. Verify that you can connect to the reports using SSO.

Before 1 would work fine and 2 would not work because it had the wrong SSO token.
Comment 4 Eyal Edri 2015-02-17 17:08:31 UTC 
rhev 3.5.0 was released. closing.