Created attachment 1215895 [details]
appliance logs

Description of problem:
I cannot log in to the CloudForms web UI with 2 factor authentication. SSH works fine with password+otp

Error
----] I, [2016-10-25T11:22:27.889995 #3187:149cab8] INFO -- Success: MIQ(Authenticator.authenticate) userid: [user1] - User user1 successfully validated by External httpd
[----] I, [2016-10-25T11:22:27.922929 #3187:149cab8] INFO -- Success: MIQ(Authenticator.authenticate) userid: [user1] - Authentication successful for user user1
[----] W, [2016-10-25T11:22:28.298411 #3172:14b1b70] WARN -- Failure: MIQ(Authenticator.authenticate) userid: [user1] - Authentication failed for userid user1: Failure setting user credentials

Version-Release number of selected component (if applicable):
5.6.2

How reproducible:

Steps to Reproduce:
1. Enable External auth
2. Enable 2 factor authentication for IPA/IDM user
3. Try to log in with password+OTP

Actual results:

Expected results:

Additional info:
*** Bug 1364157 has been marked as a duplicate of this bug. ***
Created attachment 1220853 [details] vmdb patch tar file
Created attachment 1220854 [details] cfme-appliance patch tar file
Attached are 2 tar files containing a hot patch for this issue.

To install them please do the following:

  cd /opt/rh/cfme-appliance
  # <move tar file: mk_cfme-appliance.tar here>
  tar xvf mk_cfme-appliance.tar

  cd /var/www/miq/vmdb
  # <move tar file: mk_manageiq_vmdb.tar here>
  tar xvf mk_manageiq_vmdb.tar

  cd /var/www/miq/vmdb
  systemctl stop evmserverd
  rake assets:clobber
  rake assets:precompile
  systemctl restart httpd
  systemctl start evmserverd

Once this is done you will need to use the appliance_console to reconfigure external authentication.

Let us know if you need help with these instructions.

Please let us know if this resolves the two factor authentication failure you are encountering.

JoeV and Alberto
https://github.com/ManageIQ/manageiq/pull/12697
https://github.com/ManageIQ/manageiq-appliance/pull/101
New commit detected on ManageIQ/manageiq-appliance/master:
https://github.com/ManageIQ/manageiq-appliance/commit/48f60cf3a5f8481ef1002c6a14d7e15cbe5097c1

commit 48f60cf3a5f8481ef1002c6a14d7e15cbe5097c1
Author:     Joe VLcek <jvlcek>
AuthorDate: Wed Nov 16 13:34:21 2016 -0500
Commit:     Joe VLcek <jvlcek>
CommitDate: Wed Nov 16 13:34:21 2016 -0500

    Support a separate auth URL for external authentication

    This will allow external auth to only do a single auth at login,
    which is required by OTP configurations.

    https://bugzilla.redhat.com/show_bug.cgi?id=1390349

 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth.conf.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/639a56e71b8c99fe92f2fe868f53aadf8c6e52bc

commit 639a56e71b8c99fe92f2fe868f53aadf8c6e52bc
Author:     Joe VLcek <jvlcek>
AuthorDate: Wed Nov 16 13:23:33 2016 -0500
Commit:     Joe VLcek <jvlcek>
CommitDate: Wed Nov 16 13:23:33 2016 -0500

    Support a separate auth URL for external authentication

    This will allow external auth to only do a single auth at login,
    which is required by OTP configurations.

    https://bugzilla.redhat.com/show_bug.cgi?id=1390349

 app/assets/javascripts/miq_application.js | 21 +++++++++++++++++++++
 app/controllers/dashboard_controller.rb   | 26 +++++++++++++++++++-------
 app/views/dashboard/login.html.haml       |  6 +++---
 config/routes.rb                          |  1 +
 4 files changed, 44 insertions(+), 10 deletions(-)
New commit detected on ManageIQ/manageiq/darga:
https://github.com/ManageIQ/manageiq/commit/b6904869a46b2538914938114838a6babcbe5fbc

commit b6904869a46b2538914938114838a6babcbe5fbc
Author:     Joe VLcek <jvlcek>
AuthorDate: Mon Nov 14 15:39:43 2016 -0500
Commit:     Joe VLcek <jvlcek>
CommitDate: Mon Nov 21 12:58:03 2016 -0500

    Support a separate auth URL for external authentication

    This will allow external auth to only do a single auth at login,
    which is required by OTP configurations.

    https://bugzilla.redhat.com/show_bug.cgi?id=1390349

 app/assets/javascripts/miq_application.js | 22 ++++++++++++++++++++++
 app/controllers/dashboard_controller.rb   | 27 ++++++++++++++++++++-------
 app/views/dashboard/login.html.haml       |  6 +++---
 config/routes.rb                          |  1 +
 4 files changed, 46 insertions(+), 10 deletions(-)
Tested on 5.8.0.7 and verified OTP is working
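
The log excerpt in the original report shows a success from External httpd followed within half a second by "Failure setting user credentials" for the same user, and the fix commits state that OTP configurations need external auth to authenticate only once at login. As an added example (not code from ManageIQ or from this bug), the Ruby below scans log lines in the format shown in the report for that success-then-failure pattern. The regex, the 2-second window and the user2/user3 sample lines are assumptions made for the illustration.

```ruby
require 'time'

# First three lines come from the report; the user2 and user3 lines are constructed.
SAMPLE_LOG = <<~LOG
  [----] I, [2016-10-25T11:22:27.889995 #3187:149cab8] INFO -- Success: MIQ(Authenticator.authenticate) userid: [user1] - User user1 successfully validated by External httpd
  [----] I, [2016-10-25T11:22:27.922929 #3187:149cab8] INFO -- Success: MIQ(Authenticator.authenticate) userid: [user1] - Authentication successful for user user1
  [----] W, [2016-10-25T11:22:28.298411 #3172:14b1b70] WARN -- Failure: MIQ(Authenticator.authenticate) userid: [user1] - Authentication failed for userid user1: Failure setting user credentials
  [----] I, [2016-10-25T11:25:01.000001 #3187:149cab8] INFO -- Success: MIQ(Authenticator.authenticate) userid: [user2] - Authentication successful for user user2
  [----] W, [2016-10-25T11:26:10.500000 #3172:14b1b70] WARN -- Failure: MIQ(Authenticator.authenticate) userid: [user3] - Authentication failed for userid user3
LOG

# Assumed pattern, derived only from the lines quoted in the report.
AUTH_LINE = /\[(?<ts>\d{4}-\d\d-\d\dT[\d:.]+) #(?<pid>\d+):\h+\]\s+\w+ -- (?<result>Success|Failure): MIQ\(Authenticator\.authenticate\) userid: \[(?<user>[^\]]+)\] - (?<msg>.*)/

# Turn matching lines into event hashes; non-matching lines are skipped.
def parse_auth_events(text)
  text.each_line.filter_map do |line|
    m = AUTH_LINE.match(line)
    next unless m
    # The log carries no zone; UTC is assumed since only time differences are used.
    { time: Time.iso8601("#{m[:ts]}Z"), pid: m[:pid], user: m[:user],
      ok: m[:result] == 'Success', msg: m[:msg].strip }
  end
end

# Flag a failure that follows a success for the same user within `window` seconds.
# With a one-time password, that shape is what a repeated authentication of the
# same login would produce (assumption: 2 s is short enough to exclude a retry by hand).
def double_auth_failures(events, window: 2.0)
  last_success = {}
  events.each_with_object([]) do |ev, hits|
    if ev[:ok]
      last_success[ev[:user]] = ev
    elsif (prev = last_success[ev[:user]]) && ev[:time] - prev[:time] <= window
      hits << { user: ev[:user], gap: (ev[:time] - prev[:time]).round(3),
                success_pid: prev[:pid], failure_pid: ev[:pid], reason: ev[:msg] }
    end
  end
end

double_auth_failures(parse_auth_events(SAMPLE_LOG)).each { |h| puts h } if __FILE__ == $PROGRAM_NAME
```

On the report's lines this flags user1 only; the plain success (user2) and the isolated failure (user3) are not reported.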