AD SSO Authentication in Satellite UI fails after upgrading to Red Hat Satellite 6.11

Solution Verified - Updated -

Issue

  • The AD authentication has been configured with the integration of gssproxy service properly, But UI login still fails for external users.

  • Following errors were observed in the /var/log/httpd/foreman-ssl_error_ssl.log of the affected satellite server.

    [Tue Aug 09 15:31:58.830065 2022] [authnz_pam:warn] [pid 1014] [client 10.74.XX.XX:40106] PAM account validation failed for user user@domain.com: Permission denied
[Tue Aug 09 15:31:58.830404 2022] [authz_core:error] [pid 1014] [client 10.74.XX.XX:40106] AH01631: user user@domain.com: authorization failure for "/users/extlogin/":

    or

    [Wed Aug 17 14:31:34.143494 2022] [auth_gssapi:error] [pid 93678:tid 139707719587584] [client 10.74.XX.XX:40106] GSS ERROR gss_localname() failed: [A required input parameter could not be read (Unknown error)]

  • SSO authentication via curl also fails at the OS level despite having a valid Kerberos ticket for the Active-Directory user.

    # curl -k -u : --negotiate https://`hostname -f`/users/extlogin
<html><meta http-equiv="refresh" content="0; URL=/users/login"><body>Kerberos authentication did not pass.</body></html>

Environment

  • Red Hat Satellite 6.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content