WebSSO initial redirect 404s

Bug #1794710 reported by Colleen Murphy on 2018-09-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
High
Radomir Dopieralski

Bug Description

On current master of horizon, when WebSSO is configured, after selecting the SSO auth method from the "Authenticate Using" dropdown menu, instead of redirecting to the configured identity provider, horizon redirects to /dashboard/auth/login/default/auth/OS-FEDERATION/websso/mapped and then 404s.

git bisect shows that this is the commit that introduced the bug: https://review.openstack.org/593650

stable/rocky works fine.

Steps to reproduce
------------------

Configure horizon with:

 WEBSSO_ENABLED = True
 WEBSSO_CHOICES = (("credentials", _("Keystone Credentials")), ("mapped", _("External Authentication Service")),)
 DEBUG = True

In the dropdown menu on the login screen, select "External Authentication Service"

Expected behavior
-----------------

Horizon should redirect to the configured identity provider for the keystone federation protocol named "mapped". If you have not fully set up federation in keystone, keystone should return a 401.

Actual behavior
---------------

Horizon returns a 404 with this message:

Using the URLconf defined in openstack_dashboard.urls, Django tried these URL patterns, in this order:

^$ [name='splash']
^api/
^header/
^home/$ [name='user_home']
^i18n/js/(?P<packages>\S+?)/$ [name='jsi18n']
^i18n/setlang/$ [name='set_language']
^i18n/
^jasmine-legacy/$ [name='jasmine_tests']
^jasmine/.*?$
^settings/
^identity/
^admin/
^project/
^ngdetails/ [name='ngdetails']
^auth/ ^login/$ [name='login']
^auth/ ^logout/$ [name='logout']
^auth/ ^switch/(?P<tenant_id>[^/]+)/$ [name='switch_tenants']
^auth/ ^switch_services_region/(?P<region_name>[^/]+)/$ [name='switch_services_region']
^auth/ ^switch_keystone_provider/(?P<keystone_provider>[^/]+)/$ [name='switch_keystone_provider']
^auth/ ^websso/$ [name='websso']
^auth/ ^error/$
^dashboard\/static\/(?P<path>.*)$
^dashboard\/media\/(?P<path>.*)$
^500/$
The current path, auth/login/default/auth/OS-FEDERATION/websso/mapped, didn't match any of these.

Ivan Kolodyazhny (e0ne) on 2018-10-03
Changed in horizon:
status: New → Confirmed
importance: Undecided → High
Ivan Kolodyazhny (e0ne) on 2018-10-17
Changed in horizon:
milestone: none → stein-1

Fix proposed to branch: master
Review: https://review.openstack.org/611349

Changed in horizon:
assignee: nobody → Adam Young (ayoung)
status: Confirmed → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/611387

Changed in horizon:
assignee: Adam Young (ayoung) → Radomir Dopieralski (deshipu)

Reviewed: https://review.openstack.org/611387
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=1953c689e86ecdf131b4cf176bf4ff47b53493cf
Submitter: Zuul
Branch: master

commit 1953c689e86ecdf131b4cf176bf4ff47b53493cf
Author: Radomir Dopieralski <email address hidden>
Date: Wed Oct 17 18:44:21 2018 +0200

    Properly calculate auth_url for WEBSSO from POST data

    The redirect for WEBSSO takes its data directly from the request's
    POST data, and the format of that data has changed, so now we need
    to convert it for it to work correctly.

    Change-Id: I5b18e555a9bc6b24be1e59465f07e73e99739e22
    closes-bug: #1794710

Changed in horizon:
status: In Progress → Fix Released

Change abandoned by Radomir Dopieralski (<email address hidden>) on branch: stable/rocky
Review: https://review.openstack.org/617256

This issue was fixed in the openstack/horizon 15.0.0.0b2 development milestone.

Change abandoned by ayoung (<email address hidden>) on branch: master
Review: https://review.openstack.org/611349

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers