Bug 1308458

Summary: [RFE] Access to API using only session id (Java SDK)
Product: Red Hat Enterprise Virtualization Manager Reporter: Gonza <grafuls>
Component: ovirt-engine-sdk-javaAssignee: Juan Hernández <juan.hernandez>
Status: CLOSED DUPLICATE QA Contact: Gonza <grafuls>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 3.6.2CC: gklein, grafuls, juan.hernandez, lsurette, mgoldboi, oourfali, rnori, yeylon, ykaul
Target Milestone: ovirt-4.0.0-alphaKeywords: FutureFeature
Target Release: ---Flags: grafuls: needinfo-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-07 10:42:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gonza 2016-02-15 09:46:47 UTC 
Description of problem:
Currently the API has support for passing session id as a parameter but username and password are still required.
We would like to have the ability of accessing the API without needing to input username and password when we are passing the session id.

Version-Release number of selected component (if applicable):
rhevm-sdk-java-3.6.2.0-2.el6ev.noarch.rpm

How reproducible:
100%

Steps to Reproduce:
1. Try to access API using only session ID

Actual results:
Username and password are required

Expected results:
We can access the API only passing session id to the constructor.
Comment 1 Oved Ourfali 2016-02-16 07:27:34 UTC 
We are deprecating the session ID entirely, and using a token.
However, in general if you have a session ID, you can access without a username and password. But, perhaps it isn't exposed in the java SDK.

Juan/Ravi - thoughts?
Comment 2 Oved Ourfali 2016-02-16 07:28:49 UTC 
*** Bug 1308459 has been marked as a duplicate of this bug. ***
Comment 3 Ravi Nori 2016-02-17 17:51:09 UTC 
Once integration with SSO is complete, api will acquire a SSO access token providing the required credentials (user name/password or external auth).

After this the api is required to only pass the sso access token as bearer authentication and does not require to pass the credentials. So instead of session id we will be using access token.
Comment 4 Oved Ourfali 2016-02-25 08:12:29 UTC 
Juan - will it work well in the SDK in 4.0?
Comment 5 Oved Ourfali 2016-02-25 08:12:55 UTC 
Also related to Bug 1308460
Comment 6 Juan Hernández 2016-02-25 09:16:20 UTC 
Yes, it will work, but it isn't implemented yet.
Comment 7 Juan Hernández 2016-03-14 17:33:12 UTC 
Gonzalo, can you try to repeat your test passing the name of the session cookie as well as the value?

  // Get the session id from somewhere:
  String sessionId = ...;

  // Create the builder:
  ApiBuilder builder = new ApiBuilder()
    .url(URL)
    .sessionId("JSESSIONID=" + sessionId)
    .keyStorePath("ca.jks")
    .keyStorePassword("mykeystorepassword")
    .debug(DEBUG);

  // The "ca.jks" file above needs to be created from
  // the CA certificate of the engine, which is usually
  // located in the "/etc/pki/ovirt-engine/ca.pem" file.
  // Get that file, and then use a the "keytool" command
  // to import it to the "ca.jks" keystore file:
  //
  // keytool \
  // -importcert \
  // -keystore ca.jks \
  // -file ca.pem \
  // -alias ca \
  // -storepass mykeystorepassword \
  // -noprompt
  //
  // The resulting "ca.jks" file only contains the CA
  // certificate, so its content isn't confidential.

  // Create the API object:
  Api api = builder.build();
Comment 8 Juan Hernández 2016-04-07 10:42:46 UTC 
Closing as duplicate of the RFE to add support for SSO authentication.

*** This bug has been marked as a duplicate of bug 1285885 ***