CURRENT IMPLEMENTATION
We define two builtin users within jasper: ovirt-admin, superuser.
These are special users with special roles within jasper.
All users that access via ovirt-engine SSO are regular users.
PROBLEM IN CURRENT IMPLEMENTATION
Users of ovirt-engine cannot manage the jasper.
Integration of ovirt-engine with SSO or directory providers will not effect the jasper built-in users.
Setup process overwrites the password policy of jasper at every upgrade.
NEW IMPLEMENTATION
Define two roles within ovirt-engine: ovirt-reports-admin, ovirt-reports-operator (or any other terms)
When performing SSO to reports, pull user's name and user's roles, and assign appropriate roles within jasper.
Remove the built-in users creation within jasper, or if cannot be removed, disable the users.
BENEFITS
Single location of defining user roles.
Single user lifecycle policy (password complexity, password expiration, removal).
Enjoy ovirt-engine integration to external authentication and directory.