- Bug
- Resolution: Done-Errata
- Major
- 6.12.0
Description of problem:
POST, PUT and DELETE calls fail with "Unable to authenticate user" when using Kerberos authentication. At the same time, GET calls pass without any issues.
Version-Release number of selected component (if applicable):
6.12.0 snap 8
How reproducible:
always
Steps to Reproduce:
1. Have a Satellite configured for Kerberos authentication.
2. Run kinit <someuser> to get a ticket.
3. Call /extlogin to get a session_id and store it in a cookie file:
- curl -k -c cookies.txt -u : --negotiate https://satellite.redhat.com/users/extlogin
4. Using the cookie file, try a GET call to some endpoint; it works:
- curl -b cookies.txt -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X GET -k https://satellite.redhat.com/api/architectures
5. Using the same cookie file, try a POST/PUT/DELETE call to create/update/delete an entity:
- curl -b cookies.txt -H "Accept:application/json,version=2" -H "Content-Type:application/json" -X POST -d ' {"name":"8051"}
Actual results:
It fails with this response:
{
"error":
}
In the production log we can see:
2022-08-30T04:38:23 [I|app|0dd98e4b] Started POST "/api/architectures" for 10.11.12.13 at 2022-08-30 04:38:23 -0400
2022-08-30T04:38:23 [I|app|0dd98e4b] Processing by Api::V2::ArchitecturesController#create as JSON
2022-08-30T04:38:23 [I|app|0dd98e4b] Parameters: {"name"=>"8051", "apiv"=>"v2", "architecture"=>{"name"=>"8051"}}
2022-08-30T04:38:23 [W|app|0dd98e4b] Can't verify CSRF token authenticity.
2022-08-30T04:38:23 [I|app|0dd98e4b] Rendering api/v2/errors/unauthorized.json.rabl within api/v2/layouts/error_layout
2022-08-30T04:38:23 [I|app|0dd98e4b] Rendered api/v2/errors/unauthorized.json.rabl within api/v2/layouts/error_layout (Duration: 6.9ms | Allocations: 6931)
2022-08-30T04:38:23 [I|app|0dd98e4b] Filter chain halted as :authorize rendered or redirected
2022-08-30T04:38:23 [I|app|0dd98e4b] Completed 401 Unauthorized in 14ms (Views: 11.1ms | ActiveRecord: 0.5ms | Allocations: 13914)
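A small log triage helper, added here as an example and not part of this report or of Satellite itself: it groups production.log lines by request id and flags state-changing API calls that ended in 401 right after "Can't verify CSRF token authenticity", so the symptom above can be told apart from a genuine Kerberos failure. The sample lines are constructed from the excerpt in this report plus a made-up GET request (id 1a2b3c4d) that the same cookie session serves normally.

```python
import re
from collections import defaultdict

# Constructed sample: the POST excerpt quoted in this report plus a made-up
# GET request (id 1a2b3c4d, status 200) that the cookie session serves fine.
SAMPLE_LOG = """\
2022-08-30T04:38:20 [I|app|1a2b3c4d] Started GET "/api/architectures" for 10.11.12.13 at 2022-08-30 04:38:20 -0400
2022-08-30T04:38:20 [I|app|1a2b3c4d] Completed 200 OK in 30ms (Views: 20.0ms | ActiveRecord: 2.0ms | Allocations: 20000)
2022-08-30T04:38:23 [I|app|0dd98e4b] Started POST "/api/architectures" for 10.11.12.13 at 2022-08-30 04:38:23 -0400
2022-08-30T04:38:23 [I|app|0dd98e4b] Processing by Api::V2::ArchitecturesController#create as JSON
2022-08-30T04:38:23 [W|app|0dd98e4b] Can't verify CSRF token authenticity.
2022-08-30T04:38:23 [I|app|0dd98e4b] Filter chain halted as :authorize rendered or redirected
2022-08-30T04:38:23 [I|app|0dd98e4b] Completed 401 Unauthorized in 14ms (Views: 11.1ms | ActiveRecord: 0.5ms | Allocations: 13914)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \[(?P<level>[A-Z])\|app\|(?P<req>[0-9a-f]+)\] (?P<msg>.*)$")
STARTED_RE = re.compile(r'^Started (?P<method>[A-Z]+) "(?P<path>[^"]+)" for (?P<ip>\S+)')
COMPLETED_RE = re.compile(r"^Completed (?P<status>\d{3})")
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def group_by_request(lines):
    """Bucket log messages by the request id in the [level|app|id] prefix."""
    requests = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            requests[m["req"]].append((m["ts"], m["msg"]))
    return requests

def find_csrf_rejections(lines):
    """Return state-changing requests that logged a CSRF warning and ended in 401."""
    hits = []
    for req, entries in group_by_request(lines).items():
        info = {"request_id": req, "csrf_warning": False, "status": None}
        for ts, msg in entries:
            if s := STARTED_RE.match(msg):
                info.update(ts=ts, method=s["method"], path=s["path"], client=s["ip"])
            elif msg.startswith("Can't verify CSRF token authenticity"):
                info["csrf_warning"] = True
            elif c := COMPLETED_RE.match(msg):
                info["status"] = int(c["status"])
        if info.get("method") in STATE_CHANGING and info["csrf_warning"] and info["status"] == 401:
            hits.append(info)
    return hits

if __name__ == "__main__":
    for hit in find_csrf_rejections(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['request_id']} {hit['method']} {hit['path']} from {hit['client']}: "
              "rejected by the CSRF check (401), not by Kerberos")
```

Run it against a real production.log (one line per entry) to list only the requests that failed this way; GET requests on the same session are never reported.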
Expected results:
Successful authentication, entity created/updated/deleted
Additional info:
This issue impacts the hammer CLI functionality too.