Bug 1308458
Summary: | [RFE] Access to API using only session id (Java SDK) | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Gonza <grafuls> |
Component: | ovirt-engine-sdk-java | Assignee: | Juan Hernández <juan.hernandez> |
Status: | CLOSED DUPLICATE | QA Contact: | Gonza <grafuls> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 3.6.2 | CC: | gklein, grafuls, juan.hernandez, lsurette, mgoldboi, oourfali, rnori, yeylon, ykaul |
Target Milestone: | ovirt-4.0.0-alpha | Keywords: | FutureFeature |
Target Release: | --- | Flags: | grafuls:
needinfo-
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-04-07 10:42:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gonza
2016-02-15 09:46:47 UTC
We are deprecating the session ID entirely, and using a token. However, in general if you have a session ID, you can access without a username and password. But, perhaps it isn't exposed in the java SDK. Juan/Ravi - thoughts? *** Bug 1308459 has been marked as a duplicate of this bug. *** Once integration with SSO is complete, api will acquire a SSO access token providing the required credentials (user name/password or external auth). After this the api is required to only pass the sso access token as bearer authentication and does not require to pass the credentials. So instead of session id we will be using access token. Juan - will it work well in the SDK in 4.0? Also related to Bug 1308460 Yes, it will work, but it isn't implemented yet. Gonzalo, can you try to repeat your test passing the name of the session cookie as well as the value? // Get the session id from somewhere: String sessionId = ...; // Create the builder: ApiBuilder builder = new ApiBuilder() .url(URL) .sessionId("JSESSIONID=" + sessionId) .keyStorePath("ca.jks") .keyStorePassword("mykeystorepassword") .debug(DEBUG); // The "ca.jks" file above needs to be created from // the CA certificate of the engine, which is usually // located in the "/etc/pki/ovirt-engine/ca.pem" file. // Get that file, and then use a the "keytool" command // to import it to the "ca.jks" keystore file: // // keytool \ // -importcert \ // -keystore ca.jks \ // -file ca.pem \ // -alias ca \ // -storepass mykeystorepassword \ // -noprompt // // The resulting "ca.jks" file only contains the CA // certificate, so its content isn't confidential. // Create the API object: Api api = builder.build(); Closing as duplicate of the RFE to add support for SSO authentication. *** This bug has been marked as a duplicate of bug 1285885 *** |