Bug 1719175 - Proxy password with special character fails for insights with "407 Proxy Authentication Required"
Summary: Proxy password with special character fails for insights with "407 Proxy Auth...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: RH Cloud - Insights
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: 6.7.0
Assignee: Rex White
QA Contact: Radovan Drazny
URL:
Whiteboard:
: 1751875 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-11 08:50 UTC by anerurka
Modified: 2020-04-14 13:25 UTC (History)
19 users (show)

Fixed In Version: tfm-rubygem-redhat_access-2.2.9
Doc Type: Known Issue
Doc Text:
If an HTTP proxy password contains special characters, such as "?", Insights uploads fail with the "407 Proxy Authentication Required" error. Do not use special characters in an HTTP proxy password.
Clone Of:
Environment:
Last Closed: 2020-04-14 13:24:36 UTC
Target Upstream Version:


Attachments (Terms of Use)
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm (11.56 MB, application/x-rpm)
2020-04-08 18:04 UTC, Mike McCune
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4223081 Configure None Red Hat Satellite 6, dashboad displays error " 407 Proxy Authentication Required" for insights widget 2019-06-15 05:13:06 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:24:59 UTC

Description anerurka 2019-06-11 08:50:49 UTC
Description of problem:

Proxy with a special character password "?", integrated with Satellite Server v.6.5, fails for Insights communication, fails with "407 Proxy Authentication Required"


Version-Release number of selected component (if applicable):

redhat-access-insights-puppet-0.0.9-3.el7sat.noarch
ansiblerole-insights-client-1.6-1.el7sat.noarch


How reproducible:


Steps to Reproduce:

1. Configure Satellite with proxy with a password that has special character "?"
2. In UI, navigate to "Red Hat Insights -> Manage" --> Check Connection

Actual results:

Dashboard display "Unable to get risk summary: 407 Proxy Authentication Required"

Expected results:

There should not be any error related to Proxy.

Comment 8 Rex White 2019-08-22 21:18:16 UTC
Also, can we double check that the customer whitelisted "cert-api.access.redhat.com" in their proxy configuration?

Comment 15 Mike McCune 2019-09-12 20:02:00 UTC
We are spinning out a new BZ to track the specific $ issue but are going to move this back ON_QA to see if we can say this is VERIFIED for the majority of the special characters now covered by the changes in this bz.

Comment 16 Mike McCune 2019-09-12 20:02:19 UTC
Please see the follow-on bz for the $ issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1751875

Comment 23 Mike McCune 2019-12-17 22:21:49 UTC
*** Bug 1751875 has been marked as a duplicate of this bug. ***

Comment 26 Rex White 2020-02-25 15:45:51 UTC
Marek,

The build issue was cause by a missing dependency on katello that's been added to redhat_access.gemspec in 2.2.11 so it *should* build ok now.

Comment 27 Evgeni Golov 2020-02-28 11:40:45 UTC
It built fine, so moving back to ON_DEV

Comment 29 Radovan Drazny 2020-03-11 13:55:32 UTC
Tested with Sat 6.7 Snap 15 (tfm-rubygem-redhat_access-2.2.11-1). I have created proxy users with passwords containing "?", "$", "&" chars. In all cases Satellite was able to successfully connect to the Insights API.

Comment 39 Rex White 2020-04-07 15:06:06 UTC
Francesco,

I am not part of the satellite organization and don't have any direct information about their schedules for releasing these updates so, unfortunately, I can't give you a better estimate for a release date.  Ashish Humbe might be able to give you more information but as he mentioned previously you can request a hotfix if the customer needs this immediately.

This update would only address the Insights functions and proxied uploads from the client, though - Satellite had already addressed this issue in their own proxy function in a previous update (Insights uses a separate proxy).  The authentication errors with cert-api.access.redhat.com you see in the logs should have no effect on the customer's ability to download updates via CDN; this would seem to be an unrelated problem.

Let me know if there's anything else I can do to help!

Rex White

Comment 43 Mike McCune 2020-04-08 18:03:03 UTC
** Satellite 6.6 Hotfix Available **

1) Download tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm from this bugzilla to your Satellite

2) install:

rpm -Uvh tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm 

3) restart services

satellite-maintain service restart

4) resume operations

Comment 44 Mike McCune 2020-04-08 18:04:10 UTC
Created attachment 1677335 [details]
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm

Comment 47 errata-xmlrpc 2020-04-14 13:24:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.