1719175 – Proxy password with special character fails for insights with "407 Proxy Authentication Required"

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1719175 - Proxy password with special character fails for insights with "407 Proxy Authentication Required"

Summary: Proxy password with special character fails for insights with "407 Proxy Auth...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	RH Cloud - Insights
Sub Component:
Version:	6.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	6.7.0
Assignee:	Rex White
QA Contact:	Radovan Drazny
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1751875 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-06-11 08:50 UTC by anerurka
Modified:	2023-09-07 20:07 UTC (History)
CC List:	19 users (show)
Fixed In Version:	tfm-rubygem-redhat_access-2.2.9
Doc Type:	Known Issue
Doc Text:	If an HTTP proxy password contains special characters, such as "?", Insights uploads fail with the "407 Proxy Authentication Required" error. Do not use special characters in an HTTP proxy password.
Clone Of:
Environment:
Last Closed:	2020-04-14 13:24:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm (11.56 MB, application/x-rpm) 2020-04-08 18:04 UTC, Mike McCune	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	4223081	0	Configure	None	Red Hat Satellite 6, dashboad displays error " 407 Proxy Authentication Required" for insights widget	2019-06-15 05:13:06 UTC
Red Hat Product Errata	RHSA-2020:1454	0	None	None	None	2020-04-14 13:24:59 UTC

Description anerurka 2019-06-11 08:50:49 UTC

Description of problem:

Proxy with a special character password "?", integrated with Satellite Server v.6.5, fails for Insights communication, fails with "407 Proxy Authentication Required"


Version-Release number of selected component (if applicable):

redhat-access-insights-puppet-0.0.9-3.el7sat.noarch
ansiblerole-insights-client-1.6-1.el7sat.noarch


How reproducible:


Steps to Reproduce:

1. Configure Satellite with proxy with a password that has special character "?"
2. In UI, navigate to "Red Hat Insights -> Manage" --> Check Connection

Actual results:

Dashboard display "Unable to get risk summary: 407 Proxy Authentication Required"

Expected results:

There should not be any error related to Proxy.

Comment 8 Rex White 2019-08-22 21:18:16 UTC

Also, can we double check that the customer whitelisted "cert-api.access.redhat.com" in their proxy configuration?

Comment 15 Mike McCune 2019-09-12 20:02:00 UTC

We are spinning out a new BZ to track the specific $ issue but are going to move this back ON_QA to see if we can say this is VERIFIED for the majority of the special characters now covered by the changes in this bz.

Comment 16 Mike McCune 2019-09-12 20:02:19 UTC

Please see the follow-on bz for the $ issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1751875

Comment 23 Mike McCune 2019-12-17 22:21:49 UTC

*** Bug 1751875 has been marked as a duplicate of this bug. ***

Comment 26 Rex White 2020-02-25 15:45:51 UTC

Marek,

The build issue was cause by a missing dependency on katello that's been added to redhat_access.gemspec in 2.2.11 so it *should* build ok now.

Comment 27 Evgeni Golov 2020-02-28 11:40:45 UTC

It built fine, so moving back to ON_DEV

Comment 29 Radovan Drazny 2020-03-11 13:55:32 UTC

Tested with Sat 6.7 Snap 15 (tfm-rubygem-redhat_access-2.2.11-1). I have created proxy users with passwords containing "?", "$", "&" chars. In all cases Satellite was able to successfully connect to the Insights API.

Comment 39 Rex White 2020-04-07 15:06:06 UTC

Francesco,

I am not part of the satellite organization and don't have any direct information about their schedules for releasing these updates so, unfortunately, I can't give you a better estimate for a release date.  Ashish Humbe might be able to give you more information but as he mentioned previously you can request a hotfix if the customer needs this immediately.

This update would only address the Insights functions and proxied uploads from the client, though - Satellite had already addressed this issue in their own proxy function in a previous update (Insights uses a separate proxy).  The authentication errors with cert-api.access.redhat.com you see in the logs should have no effect on the customer's ability to download updates via CDN; this would seem to be an unrelated problem.

Let me know if there's anything else I can do to help!

Rex White

Comment 43 Mike McCune 2020-04-08 18:03:03 UTC

** Satellite 6.6 Hotfix Available **

1) Download tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm from this bugzilla to your Satellite

2) install:

rpm -Uvh tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm 

3) restart services

satellite-maintain service restart

4) resume operations

Comment 44 Mike McCune 2020-04-08 18:04:10 UTC

Created attachment 1677335 [details]
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm

Comment 47 errata-xmlrpc 2020-04-14 13:24:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454

Note You need to log in before you can comment on or make changes to this bug.