Created attachment 1225651 [details] relevant logs Description of problem: Regression introduced by [1] Introduction of custom serializers for Map and List like collections has raised a conflict with serialization of ExtMap. [1] https://gerrit.ovirt.org/#/c/64061/ Version-Release number of selected component (if applicable): ovirt-engine-4.1.0-0.0.master.20161125091311.gitd47134a.el7.centos.noarch How reproducible: 100% Steps to Reproduce: 1. Configure SSO 2. Curl to engine api Actual results: 401 unauthorized Expected results: 200 OK Additional info: Relevant logs attached.
Verified with: ovirt-engine-4.1.0-0.2.master.20161213122836.git2cd5587.el7.centos.noarch ovirt-engine-extension-aaa-ldap-1.3.1-0.0.master.20170115190508.gitda48d9d.el7.noarch # curl -v -k --negotiate -u : https://example.com/ovirt-engine/api * About to connect() to example.com port 443 (#0) * Trying {IP}... * Connected to example.com ({IP}) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: CN=example.com,O=rhev.lab.eng.brq.redhat.com,C=US * start date: Nov 28 08:51:11 2016 GMT * expire date: Nov 03 08:51:11 2021 GMT * common name: example.com * issuer: CN=example.com.41406,O=rhev.lab.eng.brq.redhat.com,C=US > GET /ovirt-engine/api HTTP/1.1 > User-Agent: curl/7.29.0 > Host: example.com > Accept: */* > < HTTP/1.1 401 Unauthorized < Date: Fri, 03 Feb 2017 15:00:30 GMT < Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.4.0 < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < WWW-Authenticate: Negotiate < Cache-Control: no-cache < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < Content-Length: 163 < Content-Type: text/html; charset=iso-8859-1 < * Ignoring the response-body * Connection #0 to host example.com left intact * Issue another request to this URL: 'https://example.com/ovirt-engine/api' * Found bundle for host example.com: 0x11eef20 * Re-using existing connection! (#0) with host example.com * Connected to example.com ({IP}) port 443 (#0) * Server auth using GSS-Negotiate with user '' > GET /ovirt-engine/api HTTP/1.1 > Authorization: Negotiate ... > User-Agent: curl/7.29.0 > Host: example.com > Accept: */* > < HTTP/1.1 200 OK < Date: Fri, 03 Feb 2017 15:00:31 GMT < Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_gssapi/1.4.0 < WWW-Authenticate: Negotiate ... < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < Content-Type: application/xml < Content-Length: 4120 < Correlation-Id: 7ebfaa40-89d8-45e3-a2ab-856b17e7d93b < Link: ... < Vary: Accept-Encoding < Cache-Control: no-cache < Set-Cookie: ovirt_gssapi_session=;Max-Age=0;path=/private;httponly;secure; < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <api> ... </api> * Closing connection 0