Bug 1792135 - Not able to login again if session expired from keycloak
Summary: Not able to login again if session expired from keycloak
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: 6.8.0
Assignee: Rahul Bajaj
QA Contact: Omkar Khatavkar
URL:
Whiteboard:
Depends On:
Blocks: 1772026
 
Reported: 2020-01-17 06:45 UTC by Nikhil Kathole
Modified: 2024-06-13 22:23 UTC

Fixed In Version: foreman-2.1.0-0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 13:00:04 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 28669 0 Normal Closed Handle session expiry for oidc users 2021-02-01 10:30:40 UTC
Foreman Issue Tracker 29416 0 Normal Closed Trigger a full page reload on session expiration 2021-02-01 10:30:40 UTC
Github theforeman foreman pull 7338 0 None closed Fixes #28669 - Fix looping after logout for SSO users 2021-02-01 10:30:40 UTC
Github theforeman foreman pull 7545 0 None closed Fixes #29416 - Trigger a full page reload on session expiration 2021-01-27 08:12:01 UTC
Red Hat Product Errata RHSA-2020:4366 0 None None None 2020-10-27 13:00:17 UTC

Description Nikhil Kathole 2020-01-17 06:45:41 UTC
Description of problem:

User is not able to log in again if the session is expired via Keycloak. This issue was expected to be resolved via https://bugzilla.redhat.com/show_bug.cgi?id=1772026, but to track this particular scenario, I am raising it explicitly.
 

Version-Release number of selected component (if applicable):
Satellite 6.7 snap 8


How reproducible: always


Steps to Reproduce:
1. Integrate Keycloak with Satellite.
2. Set the session timeout to 1 minute in Keycloak.
3. Log in as a Keycloak user via Satellite.
4. Wait for 1 minute for the session to expire.
5. Try to log in again.

Actual results:
User is not able to log in again, and it continuously shows an error that the session expired.

2020-01-17T01:41:55 [I|app|3affe10a] Started POST "/users/login" for  at 2020-01-17 01:41:55 -0500
2020-01-17T01:41:55 [I|app|3affe10a] Processing by UsersController#login as HTML
2020-01-17T01:41:55 [I|app|3affe10a]   Parameters: {"login"=>{"login"=>"admin", "password"=>"[FILTERED]"}, "authenticity_token"=>"6iOFSxNfYESujbp7EYWEQlUX+08VPePFiiGpa3vN9lMvEeFDuJjvhGqcXH5gECEEQznr0zj+qgrOle46cLPyYw=="}
2020-01-17T01:41:55 [D|app|3affe10a] Authenticated user admin against INTERNAL authentication source
2020-01-17T01:41:55 [I|app|3affe10a] User 'admin' logged in from ''
2020-01-17T01:41:55 [D|app|3affe10a] Post-login processing for admin
2020-01-17T01:41:55 [I|app|3affe10a] Redirected to https://satellite.example.com/hosts
2020-01-17T01:41:55 [I|app|3affe10a] Completed 302 Found in 58ms (ActiveRecord: 4.9ms)
2020-01-17T01:41:55 [I|app|8df28461] Started GET "/hosts" for  at 2020-01-17 01:41:55 -0500
2020-01-17T01:41:55 [I|app|8df28461] Processing by HostsController#index as HTML
2020-01-17T01:41:55 [I|app|8df28461] Session for Admin User is expired.
2020-01-17T01:41:55 [I|app|8df28461] Redirected to https://satellite.example.com/users/login
2020-01-17T01:41:55 [I|app|8df28461] Filter chain halted as :session_expiry rendered or redirected
2020-01-17T01:41:55 [I|app|8df28461] Completed 302 Found in 8ms (ActiveRecord: 2.7ms)
2020-01-17T01:41:56 [I|app|fa01788b] Started GET "/users/login" for  at 2020-01-17 01:41:56 -0500
2020-01-17T01:41:56 [I|app|fa01788b] Processing by UsersController#login as HTML
2020-01-17T01:41:56 [I|app|fa01788b]   Rendering users/login.html.erb within layouts/login
2020-01-17T01:41:56 [I|app|fa01788b]   Rendered common/_login.html.erb (0.4ms)
2020-01-17T01:41:56 [I|app|fa01788b]   Rendered users/login.html.erb within layouts/login (1.2ms)
2020-01-17T01:41:56 [I|app|fa01788b]   Rendering layouts/base.html.erb
2020-01-17T01:41:56 [I|app|fa01788b]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite-5.0.1.7/app/views/foreman_theme_satellite/_theme_client_side_branding.js.erb (0.5ms)
2020-01-17T01:41:56 [I|app|fa01788b]   Rendered layouts/base.html.erb (3.4ms)
2020-01-17T01:41:56 [I|app|fa01788b] Completed 200 OK in 7ms (Views: 5.7ms | ActiveRecord: 0.0ms)


Expected results:

User should be able to log in again in the same browser.


Additional info:
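
The loop in the log above (a successful login in one request, rejected as an expired session in the very next one) can be detected from the log itself; the following is an added example, not part of the original report or of Foreman's code. It assumes the line layout shown above, and it correlates by time only, because the client address is blank in these lines and the login name ('admin') differs from the session label ('Admin User'); `find_login_loops` and the 5-second window are hypothetical choices.

```ruby
require "time"

# Constructed sample: a subset of the log lines quoted in the report above.
SAMPLE_LOG = <<~LOG
  2020-01-17T01:41:55 [I|app|3affe10a] Started POST "/users/login" for  at 2020-01-17 01:41:55 -0500
  2020-01-17T01:41:55 [I|app|3affe10a] User 'admin' logged in from ''
  2020-01-17T01:41:55 [I|app|3affe10a] Redirected to https://satellite.example.com/hosts
  2020-01-17T01:41:55 [I|app|8df28461] Started GET "/hosts" for  at 2020-01-17 01:41:55 -0500
  2020-01-17T01:41:55 [I|app|8df28461] Session for Admin User is expired.
  2020-01-17T01:41:55 [I|app|8df28461] Filter chain halted as :session_expiry rendered or redirected
  2020-01-17T01:41:56 [I|app|fa01788b] Started GET "/users/login" for  at 2020-01-17 01:41:56 -0500
LOG

LINE_RE    = /\A(\S+) \[\w\|\w+\|(\h+)\] (.*)\z/
LOGIN_RE   = /\AUser '([^']+)' logged in/
EXPIRED_RE = /\ASession for (.+) is expired\.\z/

# Parse one log line; returns nil for lines in another format.
def parse_line(line)
  m = LINE_RE.match(line.chomp)
  return nil unless m
  { time: Time.parse(m[1]), request: m[2], message: m[3].strip }
rescue ArgumentError
  nil
end

# Report each successful login that is followed, within `window` seconds and
# in a different request, by the :session_expiry filter rejecting the session.
def find_login_loops(log_text, window: 5)
  last_login = nil
  findings = []
  log_text.each_line do |line|
    entry = parse_line(line)
    next unless entry
    if (m = LOGIN_RE.match(entry[:message]))
      last_login = entry.merge(user: m[1])
    elsif last_login && (m = EXPIRED_RE.match(entry[:message]))
      gap = entry[:time] - last_login[:time]
      if gap <= window && entry[:request] != last_login[:request]
        findings << { user: last_login[:user], session_label: m[1],
                      login_request: last_login[:request],
                      expiry_request: entry[:request], gap_seconds: gap }
      end
      last_login = nil
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  find_login_loops(SAMPLE_LOG).each { |f| puts f.inspect }
end
```

On a busy server with several users logging in at once, time-only correlation can pair unrelated events, so treat a finding as a prompt to read the surrounding requests.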

Comment 6 Rahul Bajaj 2020-01-20 04:57:05 UTC
Hello,

This is a known issue and already has a fix present on Github: https://github.com/theforeman/foreman/pull/7338
Waiting for upstream review on this PR. This PR completes the end-to-end flow of the feature, at least for the happy paths.

Thanks,

Comment 11 Bryan Kearney 2020-04-28 14:12:26 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28669 has been resolved.

Comment 15 Omkar Khatavkar 2020-06-04 13:33:10 UTC
Steps Executed To Verify The Issues: 

1. Configured the Satellite to use external auth and RHSSO login.
2. Updated the Idle Timeout setting to 2 mins.
3. Logged in as the RHSSO user and waited for more than 2 mins.
4. Tried to access the application.

Expected Result:
The Satellite should time out and log out the user.

Actual Result:
Satellite is still accessible and the user is not getting logged out. This is not happening for the internal users.

So marking this Bugzilla as failed as session timeout is not working for the RHSSO Users.

Comment 17 Omkar Khatavkar 2020-06-16 10:55:06 UTC
Steps Executed To Verify The Issues: 

1. Configured the Satellite to use external auth and RHSSO login, with URLs as https://satellite_host/users/extlogin/redirect_uri, https://satellite_host/users/extlogin.
2. Updated the Idle Timeout setting to 2 mins.
3. Logged in as the RHSSO user and waited for more than 2 mins.
4. Tried to access the application.

Expected Result:
The Satellite should time out and log out the user.

Actual Result:
Satellite times out for both the RHSSO external user and the normal user. The Bugzilla is fixed with Satellite 6.8 Snap 4. But for this, an extra setting is required on the RHSSO side: an additional redirect URL needs to be added.

Marking this bug as verified.

Comment 21 errata-xmlrpc 2020-10-27 13:00:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366

