Bug 1443800 - Authentication Self_Service UI externalauth/miqldap Lack of user perms clarification
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.6.0
Hardware: Unspecified OS: Unspecified
Priority: medium Severity: medium
Target Milestone: GA
Target Release: 5.8.0
Assigned To: Gregg Tanzillo
QA Contact: Matt Pusateri
auth:externalauth:miqldap:ssui
Depends On: 1440931
Blocks:
 
Reported: 2017-04-19 20:38 EDT by Satoe Imaishi
Modified: 2017-05-31 10:55 EDT

Fixed In Version: 5.8.0.12
Clone Of: 1440931
Last Closed: 2017-05-31 10:55:32 EDT
Cloudforms Team: CFME Core




External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1367 normal SHIPPED_LIVE Moderate: CFME 5.8.0 security, bug, and enhancement update 2017-05-31 14:16:03 EDT

Comment 2 CFME Bot 2017-04-19 20:43:04 EDT
New commit detected on ManageIQ/manageiq-ui-service/fine:
https://github.com/ManageIQ/manageiq-ui-self_service/commit/e93af55ec6b01e815dbd54d75c240754c83a0009

commit e93af55ec6b01e815dbd54d75c240754c83a0009
Author:     Chris Kacerguis <chriskacerguis@users.noreply.github.com>
AuthorDate: Wed Apr 19 16:14:37 2017 -0500
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Wed Apr 19 20:38:49 2017 -0400

    Merge pull request #693 from AllenBW/bz/1440931-block-unpriveleged-user-login
    
    BZ#1440931-Refuse login for users with only dashboard role
    (cherry picked from commit 8a7e8ca887df68340df218212e6847909007f3d5)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1443800

 client/app/core/rbac.service.js         | 3 +--
 client/app/core/session.service.spec.js | 5 -----
 2 files changed, 1 insertion(+), 7 deletions(-)
Comment 3 Matt Pusateri 2017-04-26 17:07:07 EDT
Validated in MIQLDAP (FreeIPA)  5.8.0.12-rc1
Comment 4 Matt Pusateri 2017-05-16 17:15:43 EDT
Validated in External Auth FreeIPA,AD,OpenLDAP 5.8.0.14-rc3
Comment 5 Matt Pusateri 2017-05-18 12:28:57 EDT
I'm reopening this. While the user who doesn't have the correct perms now gets a proper error message in the UI ("Error! You do not have permission to view the Service UI. Contact your administrator to update your group permissions."), the evm.log shows that they have been authorized successfully, which is not true.

The evm.log should show that the user didn't have proper permissions.

[----] I, [2017-05-18T12:04:53.961002 #12144:11c7004]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [test-user5] - User test-user5 successfully validated by External httpd
[----] I, [2017-05-18T12:04:53.979072 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Active] [Ok] [Authorizing]
[----] I, [2017-05-18T12:04:54.011490 #12144:11c7004]  INFO -- : MIQ(Authenticator::Httpd#authorize) Authorized User: [test-user5]
[----] I, [2017-05-18T12:04:54.011710 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Finished] [Ok] [User authorized successfully]
[----] I, [2017-05-18T12:04:54.034520 #12144:11c7004]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [test-user5] - Authentication successful for user test-user5


Specifically this line:

[----] I, [2017-05-18T12:04:54.011710 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Finished] [Ok] [User authorized successfully]

Which is not true. They are not authorized.
Comment 7 Matt Pusateri 2017-05-18 16:12:39 EDT
Validated that the user gets an error message in SSUI in External Auth FreeIPA,AD,OpenLDAP 5.8.0.14-rc3
Comment 9 errata-xmlrpc 2017-05-31 10:55:32 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1367
