StarlingX

  1. Bug #1863264
  2. Activity log

Activity log for bug #1863264

Date Who What changed Old value New value Message
2020-02-14 15:15:55 ayyappa bug added bug
2020-02-14 15:15:55 ayyappa attachment added ALL_NODES_20200212.230018.tar https://bugs.launchpad.net/bugs/1863264/+attachment/5328186/+files/ALL_NODES_20200212.230018.tar
2020-02-14 15:17:34 Teresa Ho starlingx: assignee Teresa Ho (teresaho)
2020-02-14 16:00:31 OpenStack Infra starlingx: status New In Progress
2020-02-14 18:42:47 OpenStack Infra starlingx: status In Progress Fix Released
2020-02-14 19:46:56 Ghada Khalil tags stx.retestneeded stx.4.0 stx.retestneeded stx.security
2020-02-14 19:47:07 Ghada Khalil bug added subscriber Bill Zvonar
2020-02-14 19:47:22 Ghada Khalil bug added subscriber Daniel Badea
2020-02-14 19:47:26 Ghada Khalil starlingx: importance Undecided Medium
2020-02-25 19:56:51 ayyappa tags stx.4.0 stx.retestneeded stx.security stx.security
2020-02-25 19:56:58 ayyappa description Brief Description ----------------- The refresh token is not returned in the response from dex app, only id-token and other details are shown Severity -------- Minor Steps to Reproduce ------------------ 1)After controller is unlocked, create kubernetes secret for running dex and oidc-client: kubectl create secret tls local-dex.tls --cert=ssl/dex-cert.pem --key=ssl/dex-key.pem -n kube-system kubectl create secret generic dex-client-secret --from-file=/home/sysadmin/ssl/dex-ca.pem -n kube-system 2)copy the dex-overrride.yaml file cat dex-overrides.yaml config: connectors: - type: ldap name: OpenLDAP id: ldap config: host: pv-ad.cumulus.wrs.com:389 insecureNoSSL: true insecureSkipVerify: true bindDN: cn=Administrator,cn=Users,dc=pv-ad,dc=cumulus,dc=wrs,dc=com bindPW: Li69nux* usernamePrompt: Username userSearch: baseDN: ou=Users,ou=Titanium,dc=pv-ad,dc=cumulus,dc=wrs,dc=com filter: "(objectClass=user)" username: sAMAccountName idAttr: sAMAccountName emailAttr: sAMAccountName nameAttr: displayName 4)and apply the application: system helm-override-update oidc-auth-apps dex kube-system --values /home/sysadmin/dex-overrides.yaml system application-apply oidc-auth-apps [sysadmin@controller-0 ~(keystone_admin)]$ system application-list +---------------------+---------+-------------------------------+---------------+---------+-----------+ | application | version | manifest name | manifest file | status | progress | +---------------------+---------+-------------------------------+---------------+---------+-----------+ | oidc-auth-apps | 1.0-0 | oidc-auth-manifest | manifest.yaml | applied | completed | | platform-integ-apps | 1.0-8 | platform-integration-manifest | manifest.yaml | applied | completed | 5) Login in to the http://[2620:10a:a001:a103::1085]:30555 and enter the username and password and login 6)only id-token,access token and claims are shown but not the refresh token Expected Behavior ------------------ The refresh token should be returned with all the remaining tokens Actual Behavior ---------------- refresh token is not returned Reproducibility --------------- 100% System Configuration -------------------- tested on all the following systems standard system,wc_63_66_ipv6 Branch/Pull Time/Commit ----------------------- 2020-02-11 Last Pass --------- This is a new test scenario Timestamp/Logs -------------- 2020-02-12 22:49:44.056 Test Activity ------------- Feature Testing Workaround ---------- Haven't found any Brief Description ----------------- The refresh token is not returned in the response from dex app, only id-token and other details are shown Severity -------- Minor Steps to Reproduce ------------------ 1)After controller is unlocked, create kubernetes secret for running dex and oidc-client: kubectl create secret tls local-dex.tls --cert=ssl/dex-cert.pem --key=ssl/dex-key.pem -n kube-system kubectl create secret generic dex-client-secret --from-file=/home/sysadmin/ssl/dex-ca.pem -n kube-system 2)copy the dex-overrride.yaml file cat dex-overrides.yaml config:   connectors:   - type: ldap     name: OpenLDAP     id: ldap     config:       host: pv-ad.cumulus.wrs.com:389       insecureNoSSL: true       insecureSkipVerify: true       bindDN: cn=Administrator,cn=Users,dc=pv-ad,dc=cumulus,dc=wrs,dc=com       bindPW: Li69nux*       usernamePrompt: Username       userSearch:         baseDN: ou=Users,ou=Titanium,dc=pv-ad,dc=cumulus,dc=wrs,dc=com         filter: "(objectClass=user)"         username: sAMAccountName         idAttr: sAMAccountName         emailAttr: sAMAccountName         nameAttr: displayName 4)and apply the application: system helm-override-update oidc-auth-apps dex kube-system --values /home/sysadmin/dex-overrides.yaml system application-apply oidc-auth-apps [sysadmin@controller-0 ~(keystone_admin)]$ system application-list +---------------------+---------+-------------------------------+---------------+---------+-----------+ | application | version | manifest name | manifest file | status | progress | +---------------------+---------+-------------------------------+---------------+---------+-----------+ | oidc-auth-apps | 1.0-0 | oidc-auth-manifest | manifest.yaml | applied | completed | | platform-integ-apps | 1.0-8 | platform-integration-manifest | manifest.yaml | applied | completed | 5) Login in to the http://[2620:10a:a001:a103::1085]:30555 and enter the username and password and login 6)only id-token,access token and claims are shown but not the refresh token Expected Behavior ------------------ The refresh token should be returned with all the remaining tokens Actual Behavior ---------------- refresh token is not returned Reproducibility --------------- 100% System Configuration -------------------- tested on all the following systems standard system,wc_63_66_ipv6 Branch/Pull Time/Commit ----------------------- 2020-02-11 Last Pass --------- This is a new test scenario Timestamp/Logs -------------- 2020-02-12 22:49:44.056 Test Activity ------------- Feature Testing Workaround ---------- Haven't found any
2020-06-28 01:35:57 Ghada Khalil tags stx.security stx.4.0 stx.security