Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-41295

Satellite is facing an issue authenticating with Keycloak when accessed using any certificate SAN/DNS that differs from the CN (Common Name)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Authentication
    • None
    • False
    • sat-endeavour
    • None
    • None
    • None
    • None

      Description of problem:

      When performing the steps to configure the Satellite with Keycloak [1], the 'keycloak-httpd-client-install' command sets the Satellite FQDN in the configuration file [2], allowing it be accessible only via the Satellite FQDN.

      Follow the line example here:

      OIDCRedirectURI https://<satellite fqdn>/users/extlogin/redirect_uri

      [1] - Configuring SSO and 2FA with Red Hat build of Keycloak in Satellite

      [2]- /etc/httpd/conf.d/foreman-openidc_oidc_keycloak_<realm>.conf

      How reproducible:

      Access the Satellite via any SAN/DNS that differs from the Common Name.

      Is this issue a regression from an earlier version:

      No

      Steps to Reproduce:

      1. Configure the Satellite with Keycloak following our documentation

      2. Access the Satellite WebUI using any SAN/DNS via extlogin: https://<satellite san>/users/extlogin

      Actual behavior:
      Facing issue to authenticate via Keycloak

      Expected behavior:
      Be able to use the Satellite FQDN and SAN/DNS from the Satellite server certificate

      Business Impact / Additional info:

      Medium

       

              Unassigned Unassigned
              rhn-support-alsouza Aldrey Souza
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: