On current master of horizon, when WebSSO is configured, after selecting the SSO auth method from the "Authenticate Using" dropdown menu, instead of redirecting to the configured identity provider, horizon redirects to /dashboard/auth/login/default/auth/OS-FEDERATION/websso/mapped and then 404s. git bisect shows that this is the commit that introduced the bug: https://review.openstack.org/593650 stable/rocky works fine. Steps to reproduce ------------------ Configure horizon with: WEBSSO_ENABLED = True WEBSSO_CHOICES = (("credentials", _("Keystone Credentials")), ("mapped", _("External Authentication Service")),) DEBUG = True In the dropdown menu on the login screen, select "External Authentication Service" Expected behavior ----------------- Horizon should redirect to the configured identity provider for the keystone federation protocol named "mapped". If you have not fully set up federation in keystone, keystone should return a 401. Actual behavior --------------- Horizon returns a 404 with this message: Using the URLconf defined in openstack_dashboard.urls, Django tried these URL patterns, in this order: ^$ [name='splash'] ^api/ ^header/ ^home/$ [name='user_home'] ^i18n/js/(?P<packages>\S+?)/$ [name='jsi18n'] ^i18n/setlang/$ [name='set_language'] ^i18n/ ^jasmine-legacy/$ [name='jasmine_tests'] ^jasmine/.*?$ ^settings/ ^identity/ ^admin/ ^project/ ^ngdetails/ [name='ngdetails'] ^auth/ ^login/$ [name='login'] ^auth/ ^logout/$ [name='logout'] ^auth/ ^switch/(?P<tenant_id>[^/]+)/$ [name='switch_tenants'] ^auth/ ^switch_services_region/(?P<region_name>[^/]+)/$ [name='switch_services_region'] ^auth/ ^switch_keystone_provider/(?P<keystone_provider>[^/]+)/$ [name='switch_keystone_provider'] ^auth/ ^websso/$ [name='websso'] ^auth/ ^error/$ ^dashboard\/static\/(?P<path>.*)$ ^dashboard\/media\/(?P<path>.*)$ ^500/$ The current path, auth/login/default/auth/OS-FEDERATION/websso/mapped, didn't match any of these.
I got properly redirected to keystone: python-django-horizon-14.0.1-0.20181006183341.19865ee.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:2811