1409653 – need to ensure logging in after a failed SAML login doesn't try to reload the error page

Bug 1409653 - need to ensure logging in after a failed SAML login doesn't try to reload the error page

Summary: need to ensure logging in after a failed SAML login doesn't try to reload the...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Bugzilla
Classification:	Community
Component:	Bugzilla General
Sub Component:
Version:	5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	5.0
Assignee:	Jeff Fearn 🐞
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-02 19:07 UTC by Mikolaj Izdebski
Modified:	2018-12-09 06:29 UTC (History)
CC List:	5 users (show)
Fixed In Version:	5.0.3.rh29
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-05-15 03:11:06 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Mikolaj Izdebski 2017-01-02 19:07:58 UTC

In beta.bugzilla.redhat.com, when I browse to "Login" -> "Red Hat Associate", I am getting a "Verification Failed" page with the following error detail:

The IDP's reply failed validation: no element found at line 1, column 0, byte -1: 14^ 0160464081408 at /usr/lib64/perl5/vendor_perl/XML/Parser.pm line 187. . 

Notes:
I have a valid Kerberos ticket.
My web browser is configured for Kerberos and GSSAPI auth.
Bugzilla version: 5.0.3.rh18
Bugzilla web interface claims that "The Red Hat Associate (RHA) IDP is now working!"

Comment 1 Jeff Fearn 🐞 2017-01-08 23:43:44 UTC

This is working for me, are you still having a problem?

Comment 2 Mikolaj Izdebski 2017-01-09 12:31:00 UTC

Yes, it is still reproducible for me.

Reproducer:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, it fails, as expected
4. try to login as Red Hat associate

4th step fails, but I would expect it to succeed.

Comment 3 Alasdair Kergon 2017-04-20 00:03:19 UTC

*** Bug 1443769 has been marked as a duplicate of this bug. ***

Comment 6 Alasdair Kergon 2017-04-20 00:21:22 UTC

(In reply to Mikolaj Izdebski from comment #2)

> 4. try to login as Red Hat associate
> 
> 4th step fails, but I would expect it to succeed.

For me, it *does* login successfully - as I can see if I move to another page - but it is still showing the error page, with 'Login' on the top right.

Comment 7 Rony Gong 🔥 2017-05-09 08:03:29 UTC

Tested on QA environment(5.0.3-rh28)(bzweb-01.dev.eng.bne.redhat.com)
Result: Fail
Steps:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, page show error:

Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. . 

4. try to login as Red Hat associate again by click 'Login', then 'Red Hat Associate', page still show error:

 Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. .

Comment 8 Rony Gong 🔥 2017-05-12 06:51:54 UTC

Tested on dev environment(5.0.3-rh28)(bzweb-01.dev.eng.bne.redhat.com)
Result: Pass
Steps:
1. login as Red Hat associate, it succeeds
2. logout
3. try to login with Fedora Account System, page show error:

Parsing of the IDP's metadata failed: verify: self signed certificate at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 170. . 

4. try to login as Red Hat associate again by click 'Login', then 'Red Hat Associate', Could login automatically

Note You need to log in before you can comment on or make changes to this bug.