Red Hat Bugzilla – Bug 1290931
User gets created session even when he don't have permission to login
Last modified: 2015-12-17 11:54:45 EST
Description of problem:
When user doesn't have permissions to login, he will get created session anyway.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add some external user and don't assign him any permission
2. Login as this user
Session is created and you have to logout
Session isn't created
The entire "permission to login" concept should be modified.
User login into the "entire" ovirt application, only when accessing a specific service security check is performed.
A user can actually login into the "Welcome" service, should not have any special permissions to do so.
As Alon mentioned, this should be close as not a bug. The user can authenticate himself with SSO using the user name and correct password but does not have access to any of the services. When the user tries to access the service an appropriate message is displayed indicating that the user is not authorized to perform the action.