Description of problem: At least using firefox and chrome, I can't access API URLs which require authentication, I think because the katello web server doesn't send an www-authenticate header, and therefore the browser doesn't prompt for or send credentials. Version-Release number of selected component (if applicable): Don't know which component to report version of, but I just installed it today (1-may-2012) How reproducible: Always Steps to Reproduce: Try the following URLs: https://hostname/headpin/api works https://hostname/headpin/api/systems fails ("Invalid credentials") https://admin:admin@hostname/headpin/api/systems fails ("Invalid credentials"), at least in chrome and firefox $ curl -k -u admin:admin https://hostname/headpin/api/systems works Actual results: See above Expected results: All expected to work Additional info:
Thank you for your bug report. This issue was evaluated for inclusion in the current release of Subscription Asset Manager (SAM). Unfortunately, we are unable to address this request. Because we are in the final stages of development in the current release, only significant, release-blocking issues involving serious regressions and data corruption can be considered. If you believe this issue meets the release blocking criteria as defined and communicated to you by your Red Hat Support representative, please ask your representative to file this issue as a blocker for the current release. Otherwise, ask that it be evaluated for inclusion in the next release of SAM.
related to bug https://bugzilla.redhat.com/show_bug.cgi?id=804661
https://github.com/Katello/katello/pull/911
merged fix in commit: https://github.com/Katello/katello/commit/c7fe15c3914c8829b82076cb21af9bc5cd048026
Verified: * candlepin-0.7.18-1.el6_3.noarch * candlepin-tomcat6-0.7.18-1.el6_3.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.2.1-1h.el6_3.noarch * katello-cli-1.2.2-1h.el6_3.noarch * katello-cli-common-1.2.2-1h.el6_3.noarch * katello-common-1.2.2-1h.el6_3.noarch * katello-configure-1.2.1-1h.el6_3.noarch * katello-glue-candlepin-1.2.2-1h.el6_3.noarch * katello-headpin-1.2.2-1h.el6_3.noarch * katello-headpin-all-1.2.2-1h.el6_3.noarch * katello-selinux-1.2.1-1h.el6_3.noarch * thumbslug-0.0.24-1.el6_2.noarch * thumbslug-selinux-0.0.24-1.el6_2.noarch
As per comment #7, this has been verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0544.html