Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1640277

Summary: WebSSO initial redirect 404s
Product: Red Hat OpenStack Reporter: Adam Young <ayoung>
Component: python-django-horizonAssignee: Radomir Dopieralski <rdopiera>
Status: CLOSED ERRATA QA Contact: Beth White <beth.white>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 15.0 (Stein)CC: athomas, jrist, mbarnett, mrunge, rdopiera, sclewis, tvignaud, ukalifon
Target Milestone: rcKeywords: Triaged
Target Release: 15.0 (Stein)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-django-horizon-14.0.1-0.20181006183341.19865ee.el7ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-21 11:19:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Young 2018-10-17 18:06:36 UTC 
On current master of horizon, when WebSSO is configured, after selecting the SSO auth method from the "Authenticate Using" dropdown menu, instead of redirecting to the configured identity provider, horizon redirects to /dashboard/auth/login/default/auth/OS-FEDERATION/websso/mapped and then 404s.

git bisect shows that this is the commit that introduced the bug: https://review.openstack.org/593650

stable/rocky works fine.

Steps to reproduce
------------------

Configure horizon with:

 WEBSSO_ENABLED = True
 WEBSSO_CHOICES = (("credentials", _("Keystone Credentials")), ("mapped", _("External Authentication Service")),)
 DEBUG = True

In the dropdown menu on the login screen, select "External Authentication Service"

Expected behavior
-----------------

Horizon should redirect to the configured identity provider for the keystone federation protocol named "mapped". If you have not fully set up federation in keystone, keystone should return a 401.

Actual behavior
---------------

Horizon returns a 404 with this message:

Using the URLconf defined in openstack_dashboard.urls, Django tried these URL patterns, in this order:

^$ [name='splash']
^api/
^header/
^home/$ [name='user_home']
^i18n/js/(?P<packages>\S+?)/$ [name='jsi18n']
^i18n/setlang/$ [name='set_language']
^i18n/
^jasmine-legacy/$ [name='jasmine_tests']
^jasmine/.*?$
^settings/
^identity/
^admin/
^project/
^ngdetails/ [name='ngdetails']
^auth/ ^login/$ [name='login']
^auth/ ^logout/$ [name='logout']
^auth/ ^switch/(?P<tenant_id>[^/]+)/$ [name='switch_tenants']
^auth/ ^switch_services_region/(?P<region_name>[^/]+)/$ [name='switch_services_region']
^auth/ ^switch_keystone_provider/(?P<keystone_provider>[^/]+)/$ [name='switch_keystone_provider']
^auth/ ^websso/$ [name='websso']
^auth/ ^error/$
^dashboard\/static\/(?P<path>.*)$
^dashboard\/media\/(?P<path>.*)$
^500/$
The current path, auth/login/default/auth/OS-FEDERATION/websso/mapped, didn't match any of these.
Comment 10 Udi Kalifon 2018-12-04 10:45:08 UTC 
I got properly redirected to keystone: python-django-horizon-14.0.1-0.20181006183341.19865ee.el7ost.noarch
Comment 15 errata-xmlrpc 2019-09-21 11:19:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2811