[IGN-14158] Bug in 8.3 with "temp" user source

Ignition 8.3 Early Access
1

  1. Reset password with gwcmd -p

  2. Set Designer Authentication Strategy to Identity Provider (we have SAML)

  3. Delete Ignition’s created “temp” source.

  4. Change any param in /app/platform/security/settings, such as “Gateway audit profile”.

    Got error {"messages":,"fieldMessages":[{"fieldName":"SystemAuthProfile","messages":["Invalid reference: 'temp'"]}]}

This is because Designer Authentication Strategy > Classic mode has “temp” user souce selected.

image
image970×433 43.4 KB

Note that this error appears when having “Identity Provider” mode selected, which does not require that field.

image
image1483×447 53.2 KB

Regards!

2

The designer authentication strategy is different than the system user source for editing the gateway configuration. This is not what's used to make gateway configuration changes which is what you're trying to do.

The real bug is that it shouldn't let you delete a user source that is still being used.

3

Yes, it’s an option too. A warning is displayed but its not very explainatory.

4

Not quite.

There are scenarios where it could be important to allow for forceful deletion of a resource, though in most of those scenarios it is highly likely a user would then be “replacing” the resource they just deleted.

A “standard” attempt at deleting a resource which is referenced by some other system will actually successfully fail by providing a 200 response (request was received and recognized as valid) with a success value of false. That same response will include a list of resources which contain references to the resource you tried to delete, and you must re-try the original request with a confirm query param of true in order to complete the deletion.

So we do try to prevent accidental removal of important resources by forcing a speed-bump of sorts.

Request and response when trying to delete the default User Source from a vanilla deployment:

<gateway>/data/api/v1/resources/ignition/user-source/default/b07e9ce2536f7bf30e4c20896afabf21a0443bc7ef43de087cbac183dec60a11?confirm=false&collection=core


{
  "success": false,
  "changes": [],
  "problem": null,
  "references": [
    {
      "type": "ignition/security-properties",
      "name": "security-properties",
      "property": "SystemAuthProfile"
    }
  ]
}

Note the confirm=false query param the page is sending. The response would actually be the same without that param, but the point is that the flag exists at all. Setting that value to true - which is performed in the UI by confirming the action - is going to lead to undesirable behaviors.

Screenshot 2025-09-03 at 5.55.29 AM
Screenshot 2025-09-03 at 5.55.29 AM796×390 23.1 KB

1 Like
5

There are only two bugs I see in this scenario:

  1. There is no UI indication that a component is failing validation checks when the field is not displayed due to being unused. I’ll open a new ticket to get this fixed, though there’s no chance of it making the 8.3.0 release.
  2. the trailing 1 at the end of the validation warning/error. I’d actually encountered that earlier today and have already opened that ticket - though it’s an extremely low priority.
3 Likes