Project

Profile

Help

Issue #6989

closed

cert auth does not work with current binding gems

Added by jsherril@redhat.com over 4 years ago. Updated over 4 years ago.

Status:
CLOSED - WORKSFORME
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Katello
Sprint:
Sprint 77
Quarter:

Description

Our pulp settings.py has these settings added:

REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
    'rest_framework.authentication.SessionAuthentication',
    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)

and authenticating with a cert works fine:

# curl https://`hostname`/pulp/api/v3/tasks/   --cert /etc/pki/katello/certs/pulp-client.crt  --key /etc/pki/katello/private/pulp-client.key

{"count":0,"next":null,"previous":null,"results":[]}[

However, using the bindings does not work, i always get:

Response body: {"detail":"Invalid username/password."}

This used to work, but after updating to master, it no longer does. After some investigation I realized that the bindings were adding basic auth headers even when basic auth wasn't used and this was related. I could mimick this with curl:

# curl https://`hostname`/pulp/api/v3/tasks/   --cert /etc/pki/katello/certs/pulp-client.crt  --key /etc/pki/katello/private/pulp-client.key    -u ':'

This works perfectly fine against 3.4, but not against pulpcore master. I even manually patched the local ruby bindings to omit basic auth: https://gist.github.com/jlsherrill/dece315a225a9de4365d176461591ef4

and that seemed to work around the issue.

I glanced through the commit log and didn't see anything all that relevant, so i wonder if it was a django update as i did notice an update there and with django-rest-framework

Tried with bindings 3.5.0.dev01592305561 (as well as 3.4.1)

Also available in: Atom PDF