Created attachment 1239965 [details] Error message Description of problem: When trying to log into my freshly configured 4.0.5-5 engine (set up in a test environment using QCI) and trying to access it via the IP address, I'm greeted with a message "The client is not authorized to request an authorization. It's required to access the system using FQDN." With a link "Click here to continue", which takes me to the standard landing page, but trying to go to the admin portal from there results in the same issue. If we truly do need to require users to log in using the hostname, and are rejecting any attempt through the IP address, it would be nice if this message was a little clearer. I'm trying to log in, not become authorized. The "Click here to continue" message should probably be changed, since it makes it sound like this is a recoverable thing. What can you still do? Access the doc links from that Portal page? Version-Release number of selected component (if applicable): 4.0.5 Additional info:
Created attachment 1239966 [details] Portal page
The error should use the Alert pattern in PatternFly http://www.patternfly.org/pattern-library/communication/inline-notifications/#/_code See <div class="alert alert-danger alert-dismissable">
Accessing engine using only predefined FQDN is mandatory, because part of OAUTH2 protocol (which is used by our new SSO module) is client FQDN checking (client in that is engine). So by default you should access engine only by FQDN defined during installation, if you want to add alternate FQDNs (or even IP address) please take a look at BZ1325746. Btw "The client is not authorized to request an authorization." is the official error message suggest in OAUTH2 spec, we have added "It's required to access the system using FQDN." part to make that error more understandable to users :-) So I'm closing this as NOTABUG ...
Re-opening. See Comment 2. The error message must show visually as an error by using the Alert pattern. Also, even if that's the official error message text, it's poorly worded and a bad user experience. It should be changed. Also, 'The "Click here to continue" message should probably be changed' -- agree. The current flow makes it seem like this is a recoverable error.
We will adapt the problematic error message to PatternFly Alert pattern, moving this to 4.2, when patch is ready we can discuss backport
Verified that PatternFly Alert pattern is used and "Click here to continue" message has been removed in version ovirt-engine-4.1.1.2-0.1.el7.noarch.