Bug 1290931 - User gets created session even when he don't have permission to login
Status: CLOSED NOTABUG
Product: ovirt-engine
Classification: oVirt
Component: AAA
Version: 4.0.0
Severity: high
Assigned To: Ravi Nori
Reported: 2015-12-11 18:01 EST by Ondra Machacek
Modified: 2015-12-17 11:54 EST (History)
Last Closed: 2015-12-17 11:54:45 EST
Description Ondra Machacek 2015-12-11 18:01:24 EST
Description of problem:
When a user doesn't have permissions to log in, he gets a session created anyway.

Version-Release number of selected component (if applicable):
4.0

How reproducible:
always

Steps to Reproduce:
1. Add some external user and don't assign him any permissions
2. Log in as this user

Actual results:
A session is created and you have to log out

Expected results:
A session isn't created

Additional info:
Comment 1 Alon Bar-Lev 2015-12-11 18:09:39 EST
The entire "permission to login" concept should be modified.
The user logs into the "entire" oVirt application; only when accessing a specific service is a security check performed.
A user can actually log into the "Welcome" service and should not need any special permissions to do so.
Comment 2 Ravi Nori 2015-12-17 08:37:52 EST
As Alon mentioned, this should be closed as not a bug. The user can authenticate himself with SSO using the user name and correct password but does not have access to any of the services. When the user tries to access a service, an appropriate message is displayed indicating that the user is not authorized to perform the action.
