Bug 1121762
Summary: | [Docs][Feature]Single sign-on into web applications | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Julie <juwu> |
Component: | Documentation | Assignee: | Julie <juwu> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Lucy Bopf <lbopf> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.5.0 | CC: | alonbl, ecohen, gklein, juwu, lsurette, rbalakri, yeylon |
Target Milestone: | --- | ||
Target Release: | 3.5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-13 04:00:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1113937 | ||
Bug Blocks: |
Description
Julie
2014-07-21 19:38:59 UTC
Hello, The single sign on into web applications is a new feature, it should not be confused with Single sign-on into virtual machines (or more correctly: password delegation). Documentation for this feature is available here[1][2], actual use case with the new ldap implementation is documented here[3]. For the kerberos use case[3], it means that the user login into his workstation and have kerberos TGT, then he is able to access the webadmin and userportal without specifying his user and password again. One feature is lost: as the userportal is not accepting the user password, then the password delegation into VM cannot work (aka Single sign-on into virtual machines). I truly wish we can refer to the package documentation and not maintain parallel documents, I will be happy to improve these. Thanks! [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.http;hb=HEAD [2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.mapping;hb=HEAD [3] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l124 If the new ldap provider is implemented without SSO, VM password delegation still can be used but with limitations: https://bugzilla.redhat.com/show_bug.cgi?id=1133137 VERIFIED - The information about SSO has been outlined in the new topic. Users are warned that using SSO in the User Portal will remove the SSO functionality for virtual machines. |