1389122 – disable local login does not work when cfme external auth is configured for IPA

Bug 1389122 - disable local login does not work when cfme external auth is configured for IPA

Summary: disable local login does not work when cfme external auth is configured for IPA

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	5.8.0
Assignee:	abellott
QA Contact:	Matt Pusateri
Docs Contact:
URL:
Whiteboard:	auth:externalauth:freeipa:saml:ui
Depends On:
Blocks:	1428903
TreeView+	depends on / blocked

Reported:	2016-10-26 22:07 UTC by amogh
Modified:	2017-06-12 16:38 UTC (History)
CC List:	6 users (show)
Fixed In Version:	5.8.0.0
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1428903 (view as bug list)
Environment:
Last Closed:	2017-06-12 16:38:24 UTC
Category:	---
Cloudforms Team:	CFME Core
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description amogh 2016-10-26 22:07:33 UTC

Description of problem:
disable local login does not work when cfme external auth is configured for IPA.

however, this option works fine when ext auth is configured with SAML. 

Version-Release number of selected component (if applicable):
5.7.0.7-beta1.20161025153249_9376fbd

How reproducible:
always.

Steps to Reproduce:
1. configure the cfme appliance for external auth IPA through appliance_console.
2. in the webui, check "Disable Local Login" option in configuration->Authentication page
3. Logout and login as "admin" user. Observe the admin user can login without any error.

In case of SAML the admin user login is not allowed when "Disable Local Login" is enabled. If this option is expected to work only with SAMl then needs to be display this only when "Enable SAML" is checked. Otherwise this option would confuse user.

Actual results:
disable local login does not work when cfme external auth is configured for IPA.

Expected results:
Login with local "admin" user is not expected to work. this option needs to be displayed only when saml configuration is enabled.

Comment 2 abellott 2016-12-05 16:01:12 UTC

Correct, this option is only for SAML based authentication. Should be enabled only when SAML auth is checked.

Comment 3 CFME Bot 2017-01-20 21:38:01 UTC

https://github.com/ManageIQ/manageiq-ui-classic/pull/210

Comment 4 CFME Bot 2017-01-24 10:53:07 UTC

New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/83278ea004c97b4cb2d0ba3012e798171e6586de

commit 83278ea004c97b4cb2d0ba3012e798171e6586de
Author:     Alberto Bellotti <abellott>
AuthorDate: Fri Jan 20 15:52:03 2017 -0500
Commit:     Alberto Bellotti <abellott>
CommitDate: Fri Jan 20 16:21:53 2017 -0500

    Only show Disable local login checkbox with SAML is enabled.
    
    The disable local login option is only in effect when External
    authentication mode and SAML and enabled.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1389122

 app/controllers/ops_controller/settings/common.rb    |  7 +++++++
 app/views/ops/_settings_authentication_tab.html.haml | 14 ++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

Comment 8 Matt Pusateri 2017-03-08 22:40:37 UTC

So did we make a change here that allows disabling of local logins for other auth types or is it still SAML only?

Comment 9 abellott 2017-03-09 02:21:14 UTC

This is SAML only. We haven't had an Enhancement request from PM asking for this. Thanks.

Comment 10 Matt Pusateri 2017-04-28 15:36:14 UTC

Verified in 5.8.0.12-rc1 that disable local login only appears now when SAML is checked.

Comment 11 Matt Pusateri 2017-04-28 16:16:40 UTC

Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1446704

Note You need to log in before you can comment on or make changes to this bug.