Problem:
my bad I was uncareful to update from foreman-2.1, to 2.2, next to 2.3 and finally foreman-2.4. I forgot to test authetication so I am unable to bisect the trouble. The authentication setup with External Auth REMOTE_USER - based that worked great on foreman-2.4 does not.
On apache2 log file REMOTE_USER is populated:
xxx.xxx.xxx.xxx - user@example.org [29/Mar/2021:15:38:26 +0200] “GET /users/extlogin HTTP/1.1” 302 104 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0”
But foreman logs:
2021-03-29T13:10:38 [I|app|140976a6] Started GET “/users/extlogin” for xxx.xxx.xxx.xxx at 2021-03-29 13:10:38 +0200
2021-03-29T13:10:38 [I|app|140976a6] Processing by UsersController#extlogin as HTML
2021-03-29T13:10:38 [W|app|140976a6] SSO failed
2021-03-29T13:10:38 [W|app|140976a6] falling back to login form
2021-03-29T13:10:38 [I|app|140976a6] Redirected to https://foreman.example.org/users/login
Expected outcome:
Should accept SSO authenticate user without redirection to LDAP login page.
Foreman and Proxy versions:
foreman 2.4.0-1
foreman-proxy 2.4.0-1
Foreman and Proxy plugin versions:
Distribution and version:
Debian GNU/Linux 10 (buster)
Other relevant data:
apache2 with mod_passenger
External Auth is SAML2 (but it shouldn’t be relevant at all, in my opinion)
Might be related to Bug #30739: CVE-2020-14380: Users can gain elevated rights when logging in with SSO accounts - Foreman ?