1446704 – Auth - External Auth - FreeIPA Disable local logins in black console should only work with SAML

Bug 1446704 - Auth - External Auth - FreeIPA Disable local logins in black console should only work with SAML

Summary: Auth - External Auth - FreeIPA Disable local logins in black console should o...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	GA
Target Release:	5.10.0
Assignee:	Joe Vlcek
QA Contact:	Antonin Pagac
Docs Contact:
URL:
Whiteboard:	auth:externalauth:freeipa:black
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-04-28 16:16 UTC by Matt Pusateri
Modified:	2019-06-18 17:29 UTC (History)
CC List:	7 users (show)
Fixed In Version:	5.10.0.14
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-18 17:29:33 UTC
Category:	---
Cloudforms Team:	CFME Core
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Matt Pusateri 2017-04-28 16:16:13 UTC

Description of problem:

Disable local logins in black console should only work if SAML is enabled.  related to this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1389122   

Version-Release number of selected component (if applicable):
5.8.0.12-rc1

How reproducible:


Steps to Reproduce:
1. Configure external auth for FreeIPA via black console. Option 11
2. Select Option 12 Update External Authentication Options
3. Select Option 3 Disable Local Logins.

Actual results:
Disabling of local logins gives successful message and if you navigate back into the external options, Option 3 is now Enable Local logins.  Fortunately local logins are not really disabled as you can still log into the web UI with Admin. Navigating to the Authentication page SAML is still unchecked, if you check SAML disable local logins is checked.

Expected results:
Black console should not let you disbable local logins or try to if SAML is not enabled. 

Additional info:

related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1389122

Comment 2 Joe Vlcek 2017-11-06 19:59:19 UTC

I would argue that the observed behavior is acceptable.

If one uses the black console to disable local logins for SAML logins but 
SAML is not yet configured then local logins still works until SAML is configured.

Perhaps the Black Console should be reworded to state:

"Disable Local Logins When Using SAML"  but that is a minor nit so I'm setting the
severity of this BZ to LOW.

Comment 3 CFME Bot 2018-08-17 18:34:11 UTC

https://github.com/ManageIQ/manageiq-appliance_console/pull/61

Comment 4 CFME Bot 2018-08-20 13:39:19 UTC

New commit detected on ManageIQ/manageiq-appliance_console/master:

https://github.com/ManageIQ/manageiq-appliance_console/commit/19be318f0424213175c68f0ee4b5de51b28ddacf
commit 19be318f0424213175c68f0ee4b5de51b28ddacf
Author:     Joe VLcek <jvlcek>
AuthorDate: Fri Aug 17 14:19:04 2018 -0400
Commit:     Joe VLcek <jvlcek>
CommitDate: Fri Aug 17 14:19:04 2018 -0400

    Reword Local Login prompt to indicate it's for SAML or OIDC

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1446704

 lib/manageiq/appliance_console/external_auth_options.rb | 8 +-
 1 file changed, 4 insertions(+), 4 deletions(-)

Comment 6 Joe Vlcek 2018-08-23 17:00:06 UTC

Moving back to POST.

https://github.com/ManageIQ/manageiq-appliance/pull/204#issuecomment-415492096

Comment 7 Antonin Pagac 2019-05-29 09:40:46 UTC

Verified with 5.10.5.0 and 5.11.0.5.

Note You need to log in before you can comment on or make changes to this bug.