Description of problem: When user logs-in using ldap that is configured only on Global region appliance and tries to create vm on provider that has been added in the appliance on Remote region, the error flash message "Invalid System Authentication Token specified" appears and the VM is not created When I try the same using the everyday-normal admin user, the VM is created. Version-Release number of selected component (if applicable): Neither of these deployments worked: Version 5.11.0.23.20190904213640_d113674 Version 5.10.10.0.20190905201238_76e3ac6 How reproducible: I tried in 5.10 and migrated the db and tried on 5.11 as well (while I had to re-initiate the replication) Steps to Reproduce: 0. Take unconfigured VMs (as they need different regions) 1. Configure db, make sure they have same v2_key 2. Configure replication 3. Configure LDAP on the Global VM, create user group with users from LDAP, set users privs to super-admin 4. Log-in as ldap user 5. Try creating a VM Actual results: Error creating a VM Expected results: VM created Additional info:
Created attachment 1613226 [details] logs.global
Created attachment 1613227 [details] logs.remote
This is not a bug. The authentication must be configured in the remote regions. That is how it is designed to work. I am going to close this as not a bug. If this does not work after the authentication configuration in the global has been configured in the remote please reopen. Thank you, JoeV
I see no occurence about Centralized admin in https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html-single/managing_authentication_for_cloudforms/index Nor I see no occurence of LDAP in https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html-single/high_availability_guide/index I think the fact that LDAP needs to be configured on both instances should be documented somewhere. I think the doc for the authentication would be the palce to put it in.