Bug 1412687 - Awkward attempted login error
Summary: Awkward attempted login error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.0.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.1.1
: ---
Assignee: Ravi Nori
QA Contact: Radim Hrazdil
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-12 14:48 UTC by Matt Reid
Modified: 2017-04-25 01:07 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-16 09:21:42 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Error message (325.11 KB, image/png)
2017-01-12 14:48 UTC, Matt Reid
no flags Details
Portal page (374.30 KB, image/png)
2017-01-12 14:48 UTC, Matt Reid
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:0997 0 normal SHIPPED_LIVE Red Hat Virtualization Manager (ovirt-engine) 4.1 GA 2017-04-18 20:11:26 UTC
oVirt gerrit 71126 0 None None None 2017-01-24 18:33:42 UTC
oVirt gerrit 71586 0 None None None 2017-02-13 14:09:57 UTC

Description Matt Reid 2017-01-12 14:48:23 UTC
Created attachment 1239965 [details]
Error message

Description of problem:
When trying to log into my freshly configured 4.0.5-5 engine (set up in a test environment using QCI) and trying to access it via the IP address, I'm greeted with a message "The client is not authorized to request an authorization. It's required to access the system using FQDN." With a link "Click here to continue", which takes me to the standard landing page, but trying to go to the admin portal from there results in the same issue.

If we truly do need to require users to log in using the hostname, and are rejecting any attempt through the IP address, it would be nice if this message was a little clearer. I'm trying to log in, not become authorized.

The "Click here to continue" message should probably be changed, since it makes it sound like this is a recoverable thing. What can you still do? Access the doc links from that Portal page?

Version-Release number of selected component (if applicable):
4.0.5

Additional info:

Comment 1 Matt Reid 2017-01-12 14:48:51 UTC
Created attachment 1239966 [details]
Portal page

Comment 2 Greg Sheremeta 2017-01-12 21:13:36 UTC
The error should use the Alert pattern in PatternFly

http://www.patternfly.org/pattern-library/communication/inline-notifications/#/_code

See
<div class="alert alert-danger alert-dismissable">

Comment 3 Martin Perina 2017-01-16 09:21:42 UTC
Accessing engine using only predefined FQDN is mandatory, because part of OAUTH2 protocol (which is used by our new SSO module) is client FQDN checking (client in that is engine). So by default you should access engine only by FQDN defined during installation, if you want to add alternate FQDNs (or even IP address) please take a look at BZ1325746.

Btw "The client is not authorized to request an authorization." is the official error message suggest in OAUTH2 spec, we have added "It's required to access the system using FQDN." part to make that error more understandable to users :-)

So I'm closing this as NOTABUG ...

Comment 4 Greg Sheremeta 2017-01-16 14:56:06 UTC
Re-opening. See Comment 2. The error message must show visually as an error by using the Alert pattern.

Also, even if that's the official error message text, it's poorly worded and a bad user experience. It should be changed.

Also, 'The "Click here to continue" message should probably be changed' -- agree. The current flow makes it seem like this is a recoverable error.

Comment 5 Martin Perina 2017-01-24 15:00:31 UTC
We will adapt the problematic error message to PatternFly Alert pattern, moving this to 4.2, when patch is ready we can discuss backport

Comment 6 Radim Hrazdil 2017-02-20 08:22:15 UTC
Verified that PatternFly Alert pattern is used and "Click here to continue" message has been removed in version ovirt-engine-4.1.1.2-0.1.el7.noarch.


Note You need to log in before you can comment on or make changes to this bug.