Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1662880 - [RFE] enable support for SAML auth for python-bugzilla-cli
Summary: [RFE] enable support for SAML auth for python-bugzilla-cli
Alias: None
Product: Fedora
Classification: Fedora
Component: python-bugzilla
Version: 28
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Cole Robinson
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2019-01-02 09:58 UTC by Anna Khaitovich
Modified: 2019-01-14 15:25 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-01-14 15:25:47 UTC
Type: Bug

Attachments (Terms of Use)

Description Anna Khaitovich 2019-01-02 09:58:36 UTC
Description of problem:
With the bugzilla update, SAML auth is no longer supported for CLI.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
$ bugzilla --ensure-logged-in query -c nodejs

Actual results:
"--ensure-logged-in passed but you aren't logged in to"
After running "bugzilla login" command, "bugzilla query" was successful.

Expected results:
Successful query, authentication is done using SAML, "bugzilla login" is not required.

Additional info:

Comment 1 Cole Robinson 2019-01-09 19:03:54 UTC
Thanks for the report. The description says we no longer support SAML but we never supported SAML. It was likely using a cached login token before, saved with 'bugzilla login'

But it's an interesting question of whether we can support SAML or kerberos auth automatically. I don't know if it's possible, but I've asked internally for more details

Comment 2 Cole Robinson 2019-01-14 15:25:47 UTC
Here's the response I got from rhbz devs:

> SAML works using browser redirects, I guess it's possible to do that in
> a CLI tool, but I imagine it'd be a lot of effort.
> The supported method for long term access is APIKEYs so I'd tell them to
> use that.

So there isn't any straightforward API way to do this it seems like. I suggest looking into API keys, which I documented here: https://blog.wikichoon.com/2019/01/python-bugzilla-bugzilla-50-api-keys.html

Note You need to log in before you can comment on or make changes to this bug.