1366927 – Wrong error message passed from SSO on password grant type failure

Bug 1366927 - Wrong error message passed from SSO on password grant type failure

Summary: Wrong error message passed from SSO on password grant type failure

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	AAA
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ovirt-4.0.4
Target Release:	4.0.4
Assignee:	Ravi Nori
QA Contact:	Gonza
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-15 02:05 UTC by Ravi Nori
Modified:	2016-09-26 12:38 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-09-26 12:38:08 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.0.z+ mgoldboi: planning_ack+ mperina: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	62331	0	master	MERGED	aaa: Wrong error message passed from SSO on password grant type failure	2020-06-25 16:58:59 UTC
oVirt gerrit	62393	0	ovirt-engine-4.0	MERGED	aaa: Wrong error message passed from SSO on password grant type failure	2020-06-25 16:58:59 UTC

Description Ravi Nori 2016-08-15 02:05:20 UTC

Description of problem: When trying to obtain token from SSO using password grant type, if wrong password or username is specified the authentication fails but SSO returns an error message stating that the session has expired.


Version-Release number of selected component (if applicable): 4.0.2


How reproducible: Always


Steps to Reproduce:
1. Obtain token from SSO using password grant type

curl -v -k -H "Accept: application/json" 'http://127.0.0.1:8080/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=wrongpasswd&scope=ovirt-app-api'

Actual results:

{"error_code":"invalid_grant","error":"Session expired please try again."}


Expected results:

{"error_code":"access_denied","error":"Cannot authenticate user 'admin@internal': The user name or password is incorrect.."}

Comment 1 Martin Perina 2016-08-16 13:49:19 UTC

Moving back to POST, we need to backport to ovirt-engine-4.0

Comment 2 Gonza 2016-09-13 10:57:32 UTC

Verified with:
rhevm-4.0.3-0.1.el7ev.noarch

{"error_code":"access_denied","error":"Cannot authenticate user 'admin@internal': The user name or password is incorrect.."}

Note You need to log in before you can comment on or make changes to this bug.