Bug 1640277 - WebSSO initial redirect 404s
Summary: WebSSO initial redirect 404s
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-django-horizon
Version: 15.0 (Stein)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: 15.0 (Stein)
Assignee: Radomir Dopieralski
QA Contact: Beth White
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-17 18:06 UTC by Adam Young
Modified: 2019-09-26 10:46 UTC (History)
8 users (show)

Fixed In Version: python-django-horizon-14.0.1-0.20181006183341.19865ee.el7ost
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-21 11:19:11 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1794710 0 None None None 2018-10-17 18:06:35 UTC
OpenStack gerrit 611387 0 None MERGED Properly calculate auth_url for WEBSSO from POST data 2021-01-21 08:58:05 UTC
Red Hat Product Errata RHEA-2019:2811 0 None None None 2019-09-21 11:19:30 UTC

Description Adam Young 2018-10-17 18:06:36 UTC
On current master of horizon, when WebSSO is configured, after selecting the SSO auth method from the "Authenticate Using" dropdown menu, instead of redirecting to the configured identity provider, horizon redirects to /dashboard/auth/login/default/auth/OS-FEDERATION/websso/mapped and then 404s.

git bisect shows that this is the commit that introduced the bug: https://review.openstack.org/593650

stable/rocky works fine.

Steps to reproduce
------------------

Configure horizon with:

 WEBSSO_ENABLED = True
 WEBSSO_CHOICES = (("credentials", _("Keystone Credentials")), ("mapped", _("External Authentication Service")),)
 DEBUG = True

In the dropdown menu on the login screen, select "External Authentication Service"

Expected behavior
-----------------

Horizon should redirect to the configured identity provider for the keystone federation protocol named "mapped". If you have not fully set up federation in keystone, keystone should return a 401.

Actual behavior
---------------

Horizon returns a 404 with this message:

Using the URLconf defined in openstack_dashboard.urls, Django tried these URL patterns, in this order:

^$ [name='splash']
^api/
^header/
^home/$ [name='user_home']
^i18n/js/(?P<packages>\S+?)/$ [name='jsi18n']
^i18n/setlang/$ [name='set_language']
^i18n/
^jasmine-legacy/$ [name='jasmine_tests']
^jasmine/.*?$
^settings/
^identity/
^admin/
^project/
^ngdetails/ [name='ngdetails']
^auth/ ^login/$ [name='login']
^auth/ ^logout/$ [name='logout']
^auth/ ^switch/(?P<tenant_id>[^/]+)/$ [name='switch_tenants']
^auth/ ^switch_services_region/(?P<region_name>[^/]+)/$ [name='switch_services_region']
^auth/ ^switch_keystone_provider/(?P<keystone_provider>[^/]+)/$ [name='switch_keystone_provider']
^auth/ ^websso/$ [name='websso']
^auth/ ^error/$
^dashboard\/static\/(?P<path>.*)$
^dashboard\/media\/(?P<path>.*)$
^500/$
The current path, auth/login/default/auth/OS-FEDERATION/websso/mapped, didn't match any of these.

Comment 10 Udi Kalifon 2018-12-04 10:45:08 UTC
I got properly redirected to keystone: python-django-horizon-14.0.1-0.20181006183341.19865ee.el7ost.noarch

Comment 15 errata-xmlrpc 2019-09-21 11:19:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2811


Note You need to log in before you can comment on or make changes to this bug.