Description of problem: When using kerberos, every request does an extra roundtrip: -> original request <- 401 Negotiate -> request with kerberos data -> 200 OK Because .css and .js resources for userportal and webadmin are also hosted under /ovirt-engine/(userportal|webadmin) paths where users are required to authenticate by apache web server. It would be good to either prefix authentication-dependent content or create different paths under /ovirt-engine/ for static content. It seems that the biggest impact is right after logging in when most of the application resources are loaded so the issue is a kind of one-time --> low severity. On large setups however, this would probably make SAML more desirable form of portals SSO because it avoids unnecessary HTTP traffic. Version-Release number of selected component (if applicable): rhevm-webadmin-portal-3.5.3.1-1.4.el6ev.noarch rhevm-userportal-3.5.3.1-1.4.el6ev.noarch How reproducible: always Steps to Reproduce: 1. open a new tab, open developer console, switch to Network 2. go to userportal or webadmin of kerberized engine instance 3. Actual results: every request receives 401 with Negotiate header first, including static content that doesn't need any authentication Expected results: Only html and ajax requests do the extra roundtrip Additional info:
This is why it is tech preview. Will be solved in 4.0 with the sso. *** This bug has been marked as a duplicate of bug 1112404 ***
This is different than issues discussed in other bugs. I'd keep the bug open to make sure in 4.0 cycle that it is fixed.
It is not different, the current deployment of setting kerberos on application has this side effect. Please do not reopen. *** This bug has been marked as a duplicate of bug 1112404 ***