Bug 1121762

Summary: [Docs][Feature]Single sign-on into web applications
Product: Red Hat Enterprise Virtualization Manager Reporter: Julie <juwu>
Component: Documentation Assignee: Julie <juwu>
Status: CLOSED CURRENTRELEASE QA Contact: Lucy Bopf <lbopf>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.5.0 CC: alonbl, ecohen, gklein, juwu, lsurette, rbalakri, yeylon
Target Milestone: ---   
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-13 04:00:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1113937    
Bug Blocks:    

Description Julie 2014-07-21 19:38:59 UTC
This feature may have impact on UI.

PRD bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113937
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1072504

Comment 3 Alon Bar-Lev 2014-10-15 14:04:33 UTC
Hello,

The single sign-on into web applications is a new feature; it should not be confused with Single sign-on into virtual machines (or more correctly: password delegation).

Documentation for this feature is available here [1][2]; the actual use case with the new LDAP implementation is documented here [3].

For the Kerberos use case [3], it means that the user logs into his workstation and has a Kerberos TGT; then he is able to access the webadmin and userportal without specifying his user and password again.

One feature is lost: as the userportal is not accepting the user password, the password delegation into the VM cannot work (aka Single sign-on into virtual machines).

I truly wish we could refer to the package documentation and not maintain parallel documents; I will be happy to improve these.

Thanks!

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.http;hb=HEAD
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.mapping;hb=HEAD
[3] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l124

Comment 5 Julie 2014-12-11 05:46:19 UTC
If the new LDAP provider is implemented without SSO, VM password delegation can still be used, but with limitations:
https://bugzilla.redhat.com/show_bug.cgi?id=1133137

Comment 7 Lucy Bopf 2014-12-12 06:42:33 UTC
VERIFIED - The information about SSO has been outlined in the new topic. Users are warned that using SSO in the User Portal will remove the SSO functionality for virtual machines.