1290187 – Cannot configure external authentication (httpd) with non-generic server domain

Bug 1290187 - Cannot configure external authentication (httpd) with non-generic server domain

Summary: Cannot configure external authentication (httpd) with non-generic server domain

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	5.5.2
Assignee:	Gregg Tanzillo
QA Contact:	Milan Falešník
Docs Contact:
URL:
Whiteboard:	FailedQA
Depends On:	1247787
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-09 20:10 UTC by John Prause
Modified:	2019-09-12 09:31 UTC (History)
CC List:	11 users (show)
Fixed In Version:	5.5.2.1
Doc Type:	Bug Fix
Doc Text:	In the previous version of CloudForms Management Engine, it was not possible to configure the appliance to authenticate against a Red Hat IPA domain server if the IPA domain name was composed of only a top-level domain name. This was due to validation that required the IPA domain name to contain a sub-domain name and a top-level domain name. This bug was fixed by relaxing the validation rule to allow the IPA domain name to be composed of only a top-level domain name. With this change, it is possible to configure an appliance running the new version of CloudForms Manamgent Engine to authenticate against an IPA domain with a domain name composed of only a top-level domain.
Clone Of:	1247787
Environment:
Last Closed:	2016-02-10 15:23:35 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0159	0	normal	SHIPPED_LIVE	CFME 5.5.2 bug fixes and enhancement update	2016-02-10 20:19:02 UTC

Comment 2 Tim Wade 2015-12-14 16:52:36 UTC

PR: https://github.com/ManageIQ/manageiq/pull/5812

Comment 3 Marianne Feifer 2016-01-11 00:39:31 UTC

GT, I'm trying to draft doc text for this, but I'm finding it hard to follow.  

What we need is:

What caused the problem?

What was the consequence?

What fixed it?

Comment 4 Tim Wade 2016-01-12 16:08:25 UTC

Marianne,

I'll try my best to summarize:

| What caused the problem?
| 

Validation for external authentication prevented the customer from entering a top-level domain under IPA server domain.

| What was the consequence?
|

They couldn't configure external authentication

| What fixed it?
| 

We relaxed the validation to allow top-level domains.

Let me know if you have any further questions.

Tim

Comment 9 Milan Falešník 2016-01-25 10:32:39 UTC

# vmdb
# cat VERSION 
5.5.2.2

# appliance_console   # Then Enter, 10, Enter

Configure External Authentication (httpd)


IPA Server Parameters:

Enter the IPA Server Hostname: test1.domain
Enter the IPA Server Domain: domain
Enter the IPA Server Realm: |DOMAIN| 
Enter the IPA Server Principal: |admin| 
Enter the IPA Server Principal Password: ***

External Authentication (httpd) Configuration:
IPA Server Details:
  Hostname:       test1.domain
  Domain:         domain
  Realm:          DOMAIN
  Naming Context: dc=domain
  Principal:      admin

Proceed? (Y/N):
=========================================
So it now accepts the TLD as a domain.

Comment 10 errata-xmlrpc 2016-02-10 15:23:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0159

Note You need to log in before you can comment on or make changes to this bug.