RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
If user tries to login using IPA URL - /ipa/session/login_password using script it returns with 400. 


ipaurl = 'https://{0}/ipa/session/login_password'.format(self.server)
header = {'referer': ipaurl, 'Content-Type':'application/x-www-form-urlencoded', 'Accept': 'text/plain'}
login = {'user': self.user, 'password': self.password}
rv = self.session.post(ipaurl, headers=header, data=login, verify=self.sslverify)
print rv.status_code



IPA logs says - 
[:error] [pid 28654] ipa: INFO: 400 Bad Request: Content-Type must be application/x-www-form-urlencoded


Version-Release number of selected component (if applicable):
ipa-server-4.5.0-11.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Use above code snippet.

Actual results:
Login fail with HTTP 400 error

Expected results:
Login should succeed

Abhijeet,

can you plpease attach the full script you use to test password login? I assume that `self.server' points to some FQDN but it is hard to tell whether there is not something buggy written there.

It would also be nice if you could capture the exact request sent to the server in some debug output.

Please check the script attached. I am also facing same issue when I am using Ansible IPA user module.

Created attachment 1281048 [details]
ipa_post.py

Could this bug be just dup of bug 1452215 - the form-based login fail due to SELinux. It was fixed in selinux-policy-3.13.1-152.el7 Might be worth to retry.

Scratch comment 5.  ipa_post.py defines server by IP address. IPA server has redirection rule which redirects app to FQDN if not used. But the python-request does GET request and not POST which ends with error from login_password end point.

"POST /ipa/session/login_password HTTP/1.1" 301 283
"GET /ipa/session/login_password HTTP/1.1" 301 284 "https://10.34.58.158/ipa/session/login_password" "python-requests/2.10.0"
"GET /ipa/session/login_password HTTP/1.1" 400 155


When you change 
  i = ipa('10.10.10.1') 
to e.g. 
  i = ipa('test.example.com')


then it wil start to work.

Proposing to close as not a bug.