IPA external authentication with OTP not working


#1

Hello,

I have a strange problem with FreeIPA 4.2.0 and ManageIQ version: darga-4.1.20161126000601_cfe2abe also with 4.0 i had the same problem.

All test are with the IPA user:
login with user and password is working on ManageIQ
login with user and password + OTP is working on IPA
login with user and password + OTP is working on Ovirt
login with user and password + OTP is not working on ManageIQ

failed login with password + OTP evm.log:
[----] I, [2016-11-27T20:16:38.398841 #3290:eb5848] INFO – : MIQ(Authenticator.authenticate) userid: [tho] - User tho successfully validated by External httpd
[----] I, [2016-11-27T20:16:38.412072 #3290:eb5848] INFO – : MIQ(MiqTask#update_status) Task: [269] [Active] [Ok] [Authorizing]
[----] I, [2016-11-27T20:16:38.436676 #3290:eb5848] INFO – : MIQ(Authenticator::Httpd#authorize) Authorized User: [tho]
[----] I, [2016-11-27T20:16:38.436821 #3290:eb5848] INFO – : MIQ(MiqTask#update_status) Task: [269] [Finished] [Ok] [User authorized successfully]
[----] I, [2016-11-27T20:16:38.454898 #3290:eb5848] INFO – : MIQ(Authenticator.authenticate) userid: [tho] - Authentication successful for user tho
[----] W, [2016-11-27T20:16:39.228366 #3275:eb9678] WARN – : MIQ(Authenticator.authenticate) userid: [tho] - Authentication failed for userid tho: Failure setting user credentials
[----] W, [2016-11-27T20:16:39.228460 #3275:eb9678] WARN – : MIQ(Authenticator::Httpd#authenticate) Authentication failed
[----] E, [2016-11-27T20:16:39.228776 #3275:eb9678] ERROR – : MIQ(dashboard_controller-authenticate): Sorry, the username or password you entered is incorrect.

successful login with password evm.log:
[----] I, [2016-11-27T20:18:18.018694 #3275:ebbc20] INFO – : MIQ(Authenticator.authenticate) userid: [tho] - User tho successfully validated by External httpd
[----] I, [2016-11-27T20:18:18.030690 #3275:ebbc20] INFO – : MIQ(MiqTask#update_status) Task: [271] [Active] [Ok] [Authorizing]
[----] I, [2016-11-27T20:18:18.058689 #3275:ebbc20] INFO – : MIQ(Authenticator::Httpd#authorize) Authorized User: [tho]
[----] I, [2016-11-27T20:18:18.058815 #3275:ebbc20] INFO – : MIQ(MiqTask#update_status) Task: [271] [Finished] [Ok] [User authorized successfully]
[----] I, [2016-11-27T20:18:18.074836 #3275:ebbc20] INFO – : MIQ(Authenticator.authenticate) userid: [tho] - Authentication successful for user tho

any ideas?

Thank you
Thomas