Description of problem: When logging in as admin on a CF 4.5 configured with Red Hat SSO 7.1 on opening https://apliance.example.com it suddenly redirects the browser to the SSO login page, instead of waiting a selection between SSO or local authentication (as expected). On logout, the browser is redirected to https://appliance.example.com/saml2 which raises a 404 Version-Release number of selected component (if applicable): 5.8.0 How reproducible: all the time in customer environment Steps to Reproduce (local login): 1. configure CF to use RH SSO 7.1 2. log in with local admin 3. Actual results: redirected back to SSO on login Expected results: wait for a selectino between SSO or local authentication Steps to reproduce (logout) 1 - log in as any user 2 - log out Actual results: redirected to a 404 Expected results: redirected to /saml_login Additional info: The customer found changes that would help resolve this issue and implemented them to work around this issue but the fix for their issue is reverted when Cloudforms is restarted.
The auto-redirect seems caused by the following HTML code embedded into CF main login page <script> $(function () { $('#saml_login').click(); }); </script> referring to the previous HTML <a id="saml_login" class="btn btn-primary form-control" alt="Login" title="Login to Corporate System" data-method="post" data-miq_sparkle_on="true" data-submit="login_div" data-remote="true" href="/dashboard/initiate_saml_login?button=saml_login">Login to Corporate System</a> The main login page generated using /opt/rh/cfme-gemset/gems/manageiq-ui-classic-0.1.0/app/views/dashboard/login.html.haml which at the end contains: - auto_login = session[:auto_login] # Set to false via dashboard/logout - session[:auto_login] = true - if ext_auth?(:sso_enabled) - if auto_login != false - if ext_auth?(:saml_enabled) :javascript $(function () { $('#saml_login').click(); }); - else :javascript $(function () { $('#sso_login').click(); }); - elsif @user_name # If user name is pre-populated by the server, press the Login button automatically :javascript $(function () { $('#login').click(); }); So, to be able to login as admin, we can open https://appliance.example.com/dashboard/logout To work around the second issue, use http://talk.manageiq.org/t/keycloak-2-5-1-saml-integration/2134/3
Felix, This was initially reported over a year ago. It is working properly on recent builds. Please confirm if this is still an issue. Thank you. JoeV
(In reply to Joe Vlcek from comment #10) > Felix, > > This was initially reported over a year ago. It is working properly > on recent builds. > > Please confirm if this is still an issue. > > > Thank you. JoeV the case reporting the issue has been closed. Maybe we should ask QA to replicate the issue before closing this, just in case.
(In reply to Felix Dewaleyne from comment #11) > (In reply to Joe Vlcek from comment #10) > > Felix, > > > > This was initially reported over a year ago. It is working properly > > on recent builds. > > > > Please confirm if this is still an issue. > > > > > > Thank you. JoeV > > the case reporting the issue has been closed. Maybe we should ask QA to > replicate the issue before closing this, just in case. I've tested this and it works for me. So I'm going to close it as "WORKSFORME" We can reopen it or open a new BZ is similar failures are reported in the future. JoeV