Problem: External authentication using the api
In a freeipa/AD trust situation, the foreman host (joined to AD) can successfully authenticate AD users members of an external freeipa group in the web ui. But when using the api, we cannot log in.
In the production.log we see:
failed to authenticate user against EXTERNAL authentication source
invalid user
SSO failed
We are not using negotiate in the rest api.
Expected outcome:
We can log in using name/passwords of AD users in the api
Foreman and Proxy versions:
1.24
Foreman and Proxy plugin versions:
Distribution and version:
rhel 7.7
Other relevant data:
curl -u user@ad.trust https://foreman.sub.domain.tld/api/status -LI
Enter host password:
HTTP/1.1 401 Unauthorized