Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-20899

[BUG] Cannot register system or query Satellite 6 api using the IDM/IPA user

XMLWordPrintable

    • 0
    • False
    • Important
    • None
    • None
    • None
    • None

      Description of problem:

      When Satellite is integrated for external authentication with IPA using the below guide.

      https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/server_administration_guide/#sect-Red_Hat_Satellite-Server_Administration_Guide-Configuring_External_Authentication-Integrate_IdM_with_Satellite

      The IPA/IDM users are able to login into the Satellite Web UI . But they cannot register the client using the subscription-manager and is not able query the Satellite api.

      Version-Release number of selected component (if applicable):
      Satellite 6.2.8

      How reproducible:
      Every time

      Steps to Reproduce:
      1. Configure satellite for external authentication with ipa using the below guide

      https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/server_administration_guide/#sect-Red_Hat_Satellite-Server_Administration_Guide-Configuring_External_Authentication-Integrate_IdM_with_Satellite

      2. Try to register one of the system using the IPA user . Or try to call the Satellite api using the curl command.

      Actual results:
      The IPA users are not able to register the client host to Satellite 6 and also use the api.

      Expected results:

      The IPA users should be able to register to the Satellite 6 using the subscription manager and call the api too.

      Additional info:
      [A] We see the below error while registering.
      On the client
      ====
      Registering to: satellite.example.com:443/rhsm
      Username: <username>
      Password:
      Unauthorized: Invalid credentials for request.
      ====

      In Satellite 6 foreman/production.log file
      ====
      2017-05-26 04:23:07 [app] [I] Started GET "/rhsm/users/<user>/owners" for 192.168.124.100 at 2017-05-26 04:23:07 -0400
      2017-05-26 04:23:07 [app] [I] Processing by Katello::Api::Rhsm::CandlepinProxiesController#list_owners as JSON
      2017-05-26 04:23:07 [app] [I] Parameters:

      {"login"=>"<user>"}

      2017-05-26 04:23:07 [katello/cp_proxy] [W] SSO failed
      2017-05-26 04:23:07 [app] [I] Rendered api/v2/errors/unauthorized.json.rabl within api/v2/layouts/error_layout (0.5ms)
      2017-05-26 04:23:07 [app] [I] Filter chain halted as :authorize rendered or redirected
      2017-05-26 04:23:07 [app] [I] Completed 401 Unauthorized in 7ms (Views: 1.2ms | ActiveRecord: 0.6ms)
      ====

      [B] Invoking api using curl
      ====

      1. curl -k -u <username>:'<password>' https://sat.example.com/api/hosts
        ====

      Errors in production log
      ====
      2017-05-26 04:29:09 [app] [I] Started GET "/api/hosts" for 192.168.124.100 at 2017-05-26 04:29:09 -0400
      2017-05-26 04:29:09 [app] [I] Processing by Api::V2::HostsController#index as JSON
      2017-05-26 04:29:09 [app] [I] Parameters:

      {"apiv"=>"v2"}

      2017-05-26 04:29:09 [app] [W] SSO failed
      2017-05-26 04:29:09 [app] [I] Rendered api/v2/errors/unauthorized.json.rabl within api/v2/layouts/error_layout (0.4ms)
      2017-05-26 04:29:09 [app] [I] Filter chain halted as :authorize rendered or redirected
      2017-05-26 04:29:09 [app] [I] Completed 401 Unauthorized in 4ms (Views: 1.0ms | ActiveRecord: 0.5ms)
      ====

              jira-bugzilla-migration RH Bugzilla Integration
              jira-bugzilla-migration RH Bugzilla Integration
              RH Bugzilla Integration RH Bugzilla Integration
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: