Bug 1429650 - External authentication works when logging into the Admin UI but doesn't work for the same user to get into the Service UI
Status: CLOSED NOTABUG
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - Service
5.7.0
Unspecified Unspecified
high Severity high
: GA
: 5.7.2
Assigned To: Allen W
Matt Pusateri
auth:externalauth:ad:ssui
: ZStream
Depends On: 1422551
 
Reported: 2017-03-06 13:50 EST by Satoe Imaishi
Modified: 2017-03-30 17:54 EDT
Fixed In Version: 5.7.2.0
Clone Of: 1422551
Last Closed: 2017-03-30 16:39:29 EDT
Cloudforms Team: CFME Core


External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2017:0898
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: cfme, cfme-appliance, and cfme-gemset security, bug fix, and enhancement update
Last Updated: 2017-04-12 14:31:08 EDT

Comment 1 Matt Pusateri 2017-03-29 11:31:05 EDT
Validated successfully on AD and OpenLDAP.

FreeIPA, I had some users that could log in, but I had a user (hutteggera) that couldn't.

[----] I, [2017-03-29T10:20:22.568835 #12008:d19e08]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [hutteggera] - User hutteggera successfully validated by External httpd
[----] I, [2017-03-29T10:20:22.603384 #11931:80113c]  INFO -- : MIQ(MiqQueue.put) Message id: [876],  id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: []
[----] I, [2017-03-29T10:20:22.623112 #12008:d19e08]  INFO -- : MIQ(MiqTask#update_status) Task: [14] [Active] [Ok] [Authorizing]
[----] I, [2017-03-29T10:20:22.774320 #12008:d19e08]  INFO -- : MIQ(Authenticator::Httpd#authorize) Authorized User: [hutteggera]
[----] I, [2017-03-29T10:20:22.774493 #12008:d19e08]  INFO -- : MIQ(MiqTask#update_status) Task: [14] [Finished] [Ok] [User authorized successfully]
[----] I, [2017-03-29T10:20:22.808828 #12008:d19e08]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [hutteggera] - Authentication successful for user hutteggera
[----] E, [2017-03-29T10:20:22.892331 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) API Error
[----] E, [2017-03-29T10:20:22.893201 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) Api::ForbiddenError: Use of the read action is forbidden
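
An added example (not part of the bug report and not ManageIQ's own code): a Ruby script that correlates log lines like those in Comment 1 and reports users whose authentication AuditSuccess is followed by an API ForbiddenError on the same worker. The sample log is constructed from the excerpt above; treating the `#12008:d19e08` field as a process:thread correlation key, the 5-second window, and the function name are assumptions.

```ruby
require 'time'

# Constructed sample in the log layout quoted in Comment 1 (wrapped lines rejoined).
# The last three lines are invented to exercise the edge cases handled below.
SAMPLE_LOG = <<~'LOG'
  [----] I, [2017-03-29T10:20:22.568835 #12008:d19e08]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [hutteggera] - User hutteggera successfully validated by External httpd
  [----] I, [2017-03-29T10:20:22.603384 #11931:80113c]  INFO -- : MIQ(MiqQueue.put) Message id: [876],  id: [], Zone: [default], Role: [smartstate]
  [----] I, [2017-03-29T10:20:22.774320 #12008:d19e08]  INFO -- : MIQ(Authenticator::Httpd#authorize) Authorized User: [hutteggera]
  [----] E, [2017-03-29T10:20:22.893201 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) Api::ForbiddenError: Use of the read action is forbidden
  iority: [20], State: [ready], Deliver On: [], Data: [], Args: []
  [----] E, [2017-03-29T10:25:00.000000 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) Api::ForbiddenError: Use of the read action is forbidden
  [----] E, [2017-03-29T10:21:05.000001 #12010:aa11bb] ERROR -- : <API> MIQ(Api::SettingsController.api_error) Api::ForbiddenError: Use of the read action is forbidden
LOG

LINE_RE      = /\A\[----\] [A-Z], \[(?<ts>\S+) #(?<pid>\d+):(?<tid>\h+)\]\s+(?<level>[A-Z]+) -- : (?<msg>.*)\z/
AUTH_OK_RE   = /<AuditSuccess> MIQ\(Authenticator\.authenticate\) userid: \[(?<user>[^\]]+)\]/
FORBIDDEN_RE = /Api::ForbiddenError: (?<reason>.+)/

# Returns one finding per API ForbiddenError logged by the same pid:thread
# within `window` seconds of an authentication AuditSuccess.
def authenticated_but_forbidden(log, window: 5.0)
  last_auth = {} # "pid:tid" => [userid, Time of the AuditSuccess]
  findings = []
  log.each_line do |raw|
    m = LINE_RE.match(raw.chomp) or next # skip wrapped fragments and foreign lines
    key = "#{m[:pid]}:#{m[:tid]}"
    at = Time.iso8601("#{m[:ts]}Z") # no zone in the log; only differences matter
    if (a = AUTH_OK_RE.match(m[:msg]))
      last_auth[key] = [a[:user], at]
    elsif (f = FORBIDDEN_RE.match(m[:msg])) && last_auth.key?(key)
      user, auth_at = last_auth[key]
      next if at - auth_at > window # threads are reused; a late error is likely another request
      findings << { user: user, thread: key, time: m[:ts], reason: f[:reason] }
    end
  end
  findings
end

authenticated_but_forbidden(SAMPLE_LOG).each { |f| puts f }
```

A hit means the account authenticated but its current group's role lacks the product feature the API call needs, which is the condition Comment 3 asks to be checked.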
Comment 3 Chris Kacerguis 2017-03-29 12:10:59 EDT
Matt, can you please validate that the hutteggera user has the correct permissions / roles?
Comment 13 Allen W 2017-03-30 12:46:46 EDT
This one is a doozy, almost a multi-bug BZ. The SUI bug: users, no matter whether they are able to view or do anything, should be let into the SUI.

The non-SUI bug part: it looks like when a user that belongs to multiple groups, each with multiple roles with varying product features, attempts to log in, it is not returning all the product features from all the roles of all the groups.

Gonna grab our API friend Tim to help with this one.
Comment 14 Allen W 2017-03-30 16:39:29 EDT
https://github.com/ManageIQ/manageiq-ui-service/pull/617

The above doesn't really do much for this BZ, as there wasn't much to do, but as a result of this BZ, verbiage was updated for clarity.

Ends up the whole "only returning product features for a user's current group" is by design; this can be closed! (right?)
