Bug 1827039 - Error retrieving OpenID userinfo [RHV clone - 4.3.10]
Summary: Error retrieving OpenID userinfo [RHV clone - 4.3.10]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.3.9
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ovirt-4.3.10
: 4.3.10
Assignee: Artur Socha
QA Contact: Petr Matyáš
URL:
Whiteboard: GSSApproved
Depends On: 1825907
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-23 06:19 UTC by RHV bug bot
Modified: 2023-10-06 19:44 UTC (History)
9 users (show)

Fixed In Version: ovirt-engine-4.3.10.1
Doc Type: No Doc Update
Doc Text:
Clone Of: 1825907
Environment:
Last Closed: 2020-06-04 15:04:01 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2396 0 None None None 2020-06-04 15:04:18 UTC
oVirt gerrit 108241 0 None MERGED sso: OpendIdService should be proxyable 2021-02-08 13:59:07 UTC
oVirt gerrit 108545 0 ovirt-engine-4.3 MERGED sso: OpendIdService should be proxyable 2021-02-08 13:59:07 UTC

Description RHV bug bot 2020-04-23 06:19:42 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1825907 +++
======================================================================

Description of problem:

An error is returned when trying to retrieve the OpenID userinfo

Version-Release number of selected component (if applicable):
4.3.9.4

How reproducible:
Always

Steps to Reproduce:
1. Get an access token from the API
~~~
token=$(curl -s -k -H 'Accept: application/json' "https://${engine}/ovirt-engine/sso/oauth/token?grant_type=password&scope=ovirt-app-api&username=admin@internal&password=redhat" | jq -r '.access_token')
~~~
2. Try to retrieve the OpenID userinfo:
~~~
curl -s -k -H "Accept: application/json" -H "Authorization: Bearer ${token}" "https://${engine}/ovirt-engine/sso/openid/userinfo?access_token=${token}"
~~~

Actual results:
{"error_description":"WELD-001437: Bean type class org.ovirt.engine.core.sso.utils.openid.OpenIdService is not proxyable because it is final - <unknown javax.enterprise.inject.spi.Bean instance>.","error":"server_error"}

Expected results:
Obtain the actual user information

Additional information:
The same request works in previous versions.

(Originally by Miguel Martin Villamuelas)
Comment 9 RHV bug bot 2020-04-23 06:20:01 UTC 
This is a clone candidate and ultimately a 4.4 bug entry. Do not add ZStream kw nor ack 4.3.z flag prior to cloning. 
No data loss - decreasing severity

(Originally by michal.skrivanek)
Comment 13 Martin Perina 2020-04-24 10:54:34 UTC 
Moving back to MODIFIED, not included in latest 4.3.10 build
Comment 15 Martin Perina 2020-04-24 12:48:30 UTC 
Moving back to MODIFIED, not included in latest 4.3.10 build
Comment 17 Petr Matyáš 2020-05-04 10:34:42 UTC 
Apparently still not included in the latest build.

Using ovirt-engine-4.3.10-0.2.el7.noarch this still fails with:
{"error_description":"WELD-001437: Bean type class org.ovirt.engine.core.sso.utils.openid.OpenIdService is not proxyable because it is final - <unknown javax.enterprise.inject.spi.Bean instance>.","error":"server_error"}
Comment 19 Petr Matyáš 2020-05-12 15:36:52 UTC 
Verified on ovirt-engine-4.1.11.2-0.1.el7.noarch

Now the request returns JSON Web Token and no errors.
Comment 20 Petr Matyáš 2020-05-12 15:37:38 UTC 
Wrong machine...ovirt-engine-4.3.10.1-0.1.master.el7.noarch
Comment 22 errata-xmlrpc 2020-06-04 15:04:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2396
Note You need to log in before you can comment on or make changes to this bug.