Description of problem: With the new build of Candlepin 4.1.10 they have changed the way entitlement certificates are generated. Before they would look like: Subject: CN=eb48d5a8-b759-417c-97f7-93dc2369de29 Now the new cert looks like: Subject: O=Default_Organization, CN=eb48d5a8-b759-417c-97f7-93dc2369de29 So we get an unauthorized because of the way we parse the ID which now comes back looking like: "/O=Default_Organizationeb48d5a8-b759-417c-97f7-93dc2369de29" This issue is to address the way we grab the CN from the cert so it works for the new version of Candlepin and the older versions. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install nightly devel box or 7.0 2. Upgrade candlepin to 4.1.10 from here https://brewweb.engineering.redhat.com/brew/packageinfo?packageID=30479 3.Follow the steps here to update it: https://theforeman.org/plugins/katello/developers.html#upgrading-candlepin Actual results: trying to either register a client or talk to the /rhsm endpoint on Katello returns a 401 unauthorized error. We see the register work the first time since that is user/pass but the 2nd call to the /rshm endpoint fails since we use the identity cert. Expected results: Client registrations able to work correctly and not get a 401 unauthorized error Additional info: Candlepin team confirmed this change was intentional: <bcourt> Toledo, yes, adding the org-id to the identity cert was intentional <bcourt> basically, consistency with the entitlement certs
Upstream bug assigned to chrobert
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/34306 has been resolved.
Verified on Satellite 6.11, snap 18.5 running on RHEL 8 (candlepin-4.1.12-1.el8sat.noarch). Steps to Test: 1. Deploy Satellite 6.11. 2. Register a host to Satellite using the Hosts > Register Hosts workflow. Expected Results: The host is registered successfully. Actual Results: The host is registered successfully.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498