Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1247804

Summary: RHEL OSP Branded login page, credentials boxes don't disappear when selecting WebSSO login
Product: Red Hat OpenStack Reporter: Jamie Lennox <jlennox>
Component: python-django-horizonAssignee: Matthias Runge <mrunge>
Status: CLOSED ERRATA QA Contact: Prasanth Anbalagan <panbalag>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0 (Kilo)CC: aortega, athomas, mrunge, nkinder, panbalag, yeylon
Target Milestone: z2Keywords: Triaged, ZStream
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-django-horizon-2015.1.1-2.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-08 12:22:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Login page with all fields
none
Login page with openid connect
none
Login page with saml none

Description Jamie Lennox 2015-07-28 23:35:33 UTC 
In the upstream horizon login page when you configure it to use WebSSO login the username and password text boxes associated with your keystone login credentials will disappear as they are not used for websso. 

In the RHEL OSP branded login page this doesn't happen so if i select to use a SAML provider i still see username and password boxes which is confusing as any values entered here will be ignored. 

Versions: 

openstack-dashboard-theme-2015.1.0-10.el7ost.noarch
openstack-dashboard-2015.1.0-10.el7ost.noarch
python-django-horizon-2015.1.0-10.el7ost.noarch
Comment 3 Matthias Runge 2015-09-03 12:08:24 UTC 
This happens only with our UI.
Comment 7 Matthias Runge 2015-09-25 06:44:19 UTC 
How to test:

In /etc/openstack-dashboard/local_settings set
WEBSSO_ENABLED = True
WEBSSO_CHOICES = (
  ("credentials", _("Keystone Credentials")),
  ("oidc", _("OpenID Connect")),
  ("saml2", _("Security Assertion Markup Language"))
)

WEBSSO_INITIAL_CHOICE = "credentials"

And you need to set 
OPENSTACK_API_VERSIONS = {
#    "data-processing": 1.1,
    "identity": 3,
#    "volume": 2,
}

=> (identity, use version 3)
and restart httpd

At the login page, you should be able to choose between login methods. When selecting anything else other than Keystone Credentials, Username and password field should be hidden.
Comment 8 Prasanth Anbalagan 2015-09-25 13:38:37 UTC 
Created attachment 1077105 [details]
Login page with all fields
Comment 9 Prasanth Anbalagan 2015-09-25 13:39:31 UTC 
Created attachment 1077106 [details]
Login page with openid connect
Comment 10 Prasanth Anbalagan 2015-09-25 13:39:59 UTC 
Created attachment 1077107 [details]
Login page with saml
Comment 11 Prasanth Anbalagan 2015-09-25 13:42:23 UTC 
Upon making the above configuration, the login screen presented three options for
authentication - 'Keystone Credentials', 'OpenID Connect' and 'Security Assertion Markup Language' (SAML). Verified that with OpenID and SAML options selected, username and password fields disappeared.

Note: Please see attachments (.jpgs) for screenshots of the login screen.
Comment 13 errata-xmlrpc 2015-10-08 12:22:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:1874