Description of problem:

When using redhat ansible collections, the account used to authenticate needs to be local. If one tries to use an account coming from an external authentication source (AD integration, not LDAP) it cannot authenticate.

How reproducible:

Always

Is this issue a regression from an earlier version:

Steps to Reproduce:

1. Configure Satellite to authenticate against AD[1]

2. Create a simple playbook using satellite ansible collection. Example:

- name: Create activation key
  hosts: localhost
  tasks:
    - name: "Create client activation key"
      redhat.satellite.activation_key:
        username: "aduser@example.com"
        password: "password"
        server_url: "https://satellite.example.com"
        name: "Clients"
        organization: "Default Organization"
        lifecycle_environment: "Library"
        content_view: 'Default Organization View'
        auto_attach: false
 

3. Run the playbook and see the error:

fatal: [localhost]: FAILED! => {"changed": false, "error": {"message": "Unable to authenticate user aduser@example.com"}, "msg": "Failed to connect to Foreman server: HTTPError: 401 Client Error: Unauthorized for url: https://satellite.example.com/api/status"}
 

Actual behavior:
Authentication fails 

Expected behavior:
Authentication should work and playbook executed

Business Impact / Additional info:

Same playbook works as expected using an internal account.

Same account that fails on the playbook can be used to login into the webUI

[1]: https://docs.redhat.com/en/documentation/red_hat_satellite/6.15/html/installing_satellite_server_in_a_connected_network_environment/configuring_external_authentication_satellite#Using_Active_Directory_satellite