Bug 1290931 - User gets created session even when he don't have permission to login
Summary: User gets created session even when he don't have permission to login
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: AAA
Version: 4.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Ravi Nori
QA Contact: Ondra Machacek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-11 23:01 UTC by Ondra Machacek
Modified: 2019-04-25 10:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-17 16:54:45 UTC
oVirt Team: ---
Embargoed:
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)

Description Ondra Machacek 2015-12-11 23:01:24 UTC 
Description of problem:
When user doesn't have permissions to login, he will get created session anyway.

Version-Release number of selected component (if applicable):
4.0

How reproducible:
always

Steps to Reproduce:
1. Add some external user and don't assign him any permission
2. Login as this user

Actual results:
Session is created and you have to logout

Expected results:
Session isn't created

Additional info:
Comment 1 Alon Bar-Lev 2015-12-11 23:09:39 UTC 
The entire "permission to login" concept should be modified.
User login into the "entire" ovirt application, only when accessing a specific service security check is performed.
A user can actually login into the "Welcome" service, should not have any special permissions to do so.
Comment 2 Ravi Nori 2015-12-17 13:37:52 UTC 
As Alon mentioned, this should be close as not a bug. The user can authenticate himself with SSO using the user name and correct password but does not have access to any of the services. When the user tries to access the service an appropriate message is displayed indicating that the user is not authorized to perform the action.
Note You need to log in before you can comment on or make changes to this bug.