Created attachment 1452934 [details] evm log Description of problem: EVM repetitively logs an error regarding SSO error: [----] E, [2018-06-19T11:00:29.568211 #23546:358f7c] ERROR -- : MIQ(ManageIQ::Providers::Redhat::NetworkManager#verify_api_credentials) Error Class=Excon::Error::Unauthorized, Message=Expected([200, 204]) <=> Ac tual(401 Unauthorized) excon.error.response :body => "{\n \"error\": {\n \"message\": \"Error during SSO authentication invalid_request : Missing parameter: 'client_secret'\",\n \"code\": 401,\n \"title\": \"Unauthorized\"\n }\n}\n" :cookies => [ ] :headers => { "Connection" => "close" "Content-Type" => "application/json" "Date" => "Tue, 19 Jun 2018 08:00:29 GMT" "Server" => "BaseHTTP/0.3 Python/2.7.5" } :host => "nsimsolo41.scl.lab.tlv.redhat.com" :local_address => "10.12.69.26" :local_port => 35016 :path => "/v2.0/tokens" :port => 35357 :reason_phrase => "Unauthorized" :remote_ip => "10.35.161.173" :status => 401 :status_line => "HTTP/1.0 401 Unauthorized\r\n" [----] W, [2018-06-19T11:00:29.568472 #23546:358f7c] WARN -- : MIQ(ManageIQ::Providers::Redhat::NetworkManager::EventCatcher::Runner#start_event_monitor) EMS [nsimsolo41.scl.lab.tlv.redhat.com] as [admin@internal] Login failed due to a bad username or password. Looks like we are missing the 'client_secret' field to be able to successfully authenticate to RHV. Version-Release number of selected component (if applicable): CFME 5.10.0.0.20180613200131_887cc81 RHV Version 4.2.4.1-0.1.el7 How reproducible: 100% Steps to Reproduce: 1. Register RHV infrastructure provider. Supply username and password and verify the credentials - should pass successfully. Actual results: Failure in SSO authentication appear in EVM.log Expected results: Should authenticate. Additional info:
After testing, this bug is still relevant on MIQ master.20180619230249_84e9fa9 and RHV Version 4.2.4.4-0.1.el7_3.
Created attachment 1453430 [details] logs and configuration from engine and host ovirt-provider-ovn logs the following error: 2018-06-21 10:20:30,591 root From: 10.12.69.40:50188 Request: POST /v2.0/tokens 2018-06-21 10:20:30,592 root Request body: {"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}} 2018-06-21 10:20:30,592 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret' Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 133, in _handle_request method, path_parts, content) File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 68, in post_tokens if not auth.validate_token(token): File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token return auth.core.plugin.validate_token(token) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token return self._is_user_name(token, _admin_user_name()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name timeout=AuthorizationByUserName._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper _check_for_error(response) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error result['error'], details)) Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Just updating on some progress with this issue: When I removed the ovirt-provider-ovn package config files from /etc/ovirt-provider-ovn/*/* on the engine, then reinstalled and restarted it, the error disappeared. So this might indicate an issue related to 'ovirt-provider-ovn' using old configuration file on recent package version. Maybe someone from RHV network team can take a look and advice on this.
Removing the v2v marking from this bug, as the issue is not related to v2v. Alona, Would you please address Mor's comment #8?
It looks like the client secret was not included in the auth request. Could the following property be missing from config: ovirt-sso-client-secret
Marcin, this is Nismsolo environment. I think this error occurred because he carried old configuration file from previous versions without engine-setup and yum update being updating it to fit the requirement for 'ovirt-sso-client-secret'.
I've just cloned (there's now way how to move the bug to RHV due to mandatory 'oVirt Team' field) this bug to RHV as BZ1599271 for further investigation of the error on RHV. There's no error on CFME side, so closing this one. *** This bug has been marked as a duplicate of bug 1599271 ***