Bug 1430835 - CSRF tokens are erroneously being checked for external authentication
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.7.2
Assignee: Martin Povolny
QA Contact: Matt Pusateri
Whiteboard: auth:externalauth
Depends On: 1429011
Reported: 2017-03-09 16:50 UTC by Satoe Imaishi
Modified: 2022-07-09 08:24 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1429011
Last Closed: 2017-04-12 14:44:24 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:


System: Red Hat Product Errata
ID: RHSA-2017:0898
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: cfme, cfme-appliance, and cfme-gemset security, bug fix, and enhancement update
Last Updated: 2017-04-12 18:31:08 UTC

Comment 2 CFME Bot 2017-03-09 18:31:10 UTC
New commit detected on ManageIQ/manageiq/euwe:

commit 337e83a28256a149aa8a61bec71cb2af2e57796f
Author:     Milan Zázrivec <mzazrivec@redhat.com>
AuthorDate: Wed Mar 8 09:42:12 2017 +0100
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Thu Mar 9 13:28:51 2017 -0500

    Merge pull request #595 from martinpovolny/csrf_skip
    Adding an exception for forgery token for external auth.
    (cherry picked from commit 5fa64da998d2d758e289afb6a19d626ea3bc6f3d)

 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Matt Pusateri 2017-04-03 14:01:35 UTC
Verified against FreeIPA/AD auth providers

Comment 4 errata-xmlrpc 2017-04-12 14:44:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

