Details
-
Bug
-
Resolution: Duplicate
-
Normal
-
None
-
2.3
-
None
-
False
-
-
False
Description
Description
The user can login with to PAH using RHSSO, however, when the same credentials are used in podman, the user cannot login.
Key Dependency Versions
automation-hub-4.6.4-1.el8ap.noarch Tue Apr 25 13:43:48 2023 pulpcore-selinux-1.3.2-1.el8ap.x86_64 Fri Dec 16 09:44:00 2022 python39-pulpcore-3.21.3-1.el8ap.noarch Thu Feb 9 10:54:48 2023 python39-pulp-ansible-0.15.0-1.el8ap.noarch Fri Dec 16 09:43:59 2022 python39-pulp-container-2.14.1-1.el8ap.noarch Fri Dec 16 09:43:59 2022
Steps to Reproduce
perform podman login with the RH-SSO credentials
how reproducible: always
Actual Behavior
$ podman login hub.url.example -u myuser
Password:
Error: error logging into "hub.url.example": invalid username/password
The journal on the PAH server shows:
May 12 14:30:19 hub.url.example gunicorn[475721]: pulp [None]: django.request:WARNING: Unauthorized: /v2/ May 12 14:30:20 hub.url.example gunicorn[475718]: pulp [None]: django.request:WARNING: Unauthorized: /token/
GALAXY_AUTHENTICATION_CLASSES = [ "rest_framework.authentication.SessionAuthentication", "rest_framework.authentication.TokenAuthentication", "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", ]
$ echo "from django.conf import settings;print(settings.GALAXY_AUTHENTICATION_CLASSES)" | PULP_SETTINGS=/etc/pulp/settings.py /usr/bin/pulpcore-manager shell ['rest_framework.authentication.SessionAuthentication', 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth']
var/opt/rh/rh-sso7/log/keycloak/standalone/console.log 104:15:55:41,108 WARN [org.keycloak.events] (default task-21) type=LOGIN_ERROR, realmId=ansible-automation-platform, clientId=automation-hub, userId=076ae4dc-1c21-4918-9765-b6f0830c0025, ipAddress=xx.xxx.xx.xxx, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://sso-url/complete/keycloak/?redirect_state=A6lXubyJZH7KK7341KOThdv7Axeq8AzJ, code_id=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, username=myuser, authSessionParentId=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, authSessionTabId=p0US6Cp_yAo 106:15:57:21,557 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=ansible-automation-platform, clientId=automation-hub, userId=076ae4dc-1c21-4918-9765-b6f0830c0025, ipAddress=xx.xxx.xx.xxx, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://sso-url/complete/keycloak/?redirect_state=A6lXubyJZH7KK7341KOThdv7Axeq8AzJ, code_id=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, username=myuser, authSessionParentId=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, authSessionTabId=p0US6Cp_yAo
var/opt/rh/rh-sso7/log/keycloak/standalone/server.log 200:2023-05-30 15:55:41,108 WARN [org.keycloak.events] (default task-21) type=LOGIN_ERROR, realmId=ansible-automation-platform, clientId=automation-hub, userId=076ae4dc-1c21-4918-9765-b6f0830c0025, ipAddress=xx.xxx.xx.xxx, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://sso-url/complete/keycloak/?redirect_state=A6lXubyJZH7KK7341KOThdv7Axeq8AzJ, code_id=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, username=myuser, authSessionParentId=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, authSessionTabId=p0US6Cp_yAo 202:2023-05-30 15:57:21,557 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=ansible-automation-platform, clientId=automation-hub, userId=076ae4dc-1c21-4918-9765-b6f0830c0025, ipAddress=xx.xxx.xx.xxx, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://sso-url/complete/keycloak/?redirect_state=A6lXubyJZH7KK7341KOThdv7Axeq8AzJ, code_id=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, username=myuser, authSessionParentId=6b2d8033-ee5d-4f4c-b355-ee1c44da6da9, authSessionTabId=p0US6Cp_yAo
Expected Behavior
Successful login.