Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
Summary: [Authentication] External auth login using Kerberos SSO is failing for AD and...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.8.0
Hardware: All
OS: All
unspecified
medium
Target Milestone: 6.8.0
Assignee: satellite6-bugs
QA Contact: Omkar Khatavkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-09 10:54 UTC by Omkar Khatavkar
Modified: 2020-10-27 13:09 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 13:08:57 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 30535 0 High Closed When using Puma with Foreman 2.1 FreeIPA external authentication does not work 2021-02-18 15:34:30 UTC
Red Hat Product Errata RHSA-2020:4366 0 None None None 2020-10-27 13:09:18 UTC

Description Omkar Khatavkar 2020-09-09 10:54:54 UTC
Description of problem:
[Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only

it is working fine on Satellite 6.7.3       

Version-Release number of selected component (if applicable):
Satellite 6.8 snap 14 

How reproducible:
Always 

Steps to Reproduce:
1.Configure the Extrernal Auth to Satellite mentioned on link 

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.7/html/administering_red_hat_satellite/chap-red_hat_satellite-administering_red_hat_satellite-configuring_external_authentication#sect-Red_Hat_Satellite-Administering_Red_Hat_Satellite-Configuring_External_Authentication-Using_Active_Directory

2.Get the Kerberos Ticket 
 
3. try curl -k -u : --negotiate https://satelliteexample.com/users/extlogin/


Actual results:

User is redirected to login page again and Satellite not able to validate the ticket details e.g. 

>>> curl -k -u : --negotiate https://satellite.example.com/users/extlogin/

<<< stdout
<html><body>You are being <a href="https://satellite.example.com/users/login">redirected</a>.</body></html>



Expected results:

User should redirected to profile page e.g

>>> curl -k -u : --negotiate https://satellite.example.com/users/extlogin/

<<< stdout
<html><body>You are being <a href="https://satellite.example.com/users/8-foobar/edit">redirected</a>.</body></html> 

Additional info:

Comment 11 errata-xmlrpc 2020-10-27 13:08:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366


Note You need to log in before you can comment on or make changes to this bug.