Bug 1416491
| Summary: | [RFE] Add support for OpenID Connect in engine SSO | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Ravi Nori <rnori> |
| Component: | AAA | Assignee: | Ravi Nori <rnori> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Gonza <grafuls> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | --- | CC: | bgraveno, bugs, lsvaty, mperina, rmeggins, rnori, sradco, ylavi |
| Target Milestone: | ovirt-4.2.0 | Keywords: | FutureFeature |
| Target Release: | 4.2.0 | Flags: | rule-engine:
ovirt-4.2+
ylavi: exception+ grafuls: testing_plan_complete+ ylavi: planning_ack+ mperina: devel_ack+ lsvaty: testing_ack+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
This update adds SSO support for OpenID Connect clients. The following new OpenID Connect discovery endpoint has been added so that clients can discover the authorization endpoints and OpenID Connect capabilities of the Manager:
https://<Manager>/ovirt-engine/sso/openid/.well-known/openid-configuration
The following endpoint is used for client authorization and for obtaining the authentication code:
https://<Manager>/ovirt-engine/sso/openid/authorize
The following endpoint is used by clients to obtain the authentication token from the authentication code:
https://<Manager>/ovirt-engine/sso/openid/token
The following endpoint can used by clients to get details of the logged in user:
https://<Manager>/ovirt-engine/sso/openid/userinfo
The following endpoint can used by clients to get the keys used by SSO to sign the id_token returned from token and tokeninfo endpoints:
https://<Manager>/ovirt-engine/sso/openid/jwks
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-02-12 10:10:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1425935 | ||
| Bug Blocks: | 1402901, 1518086 | ||
|
Description
Ravi Nori
2017-01-25 15:49:00 UTC
This is needed for simple authentication of the metrics store that we hope to release in the 4.1.z time frame. Therefore requesting z stream target. I see that in https://gerrit.ovirt.org/71200 the following 3rd party dependencies have been added to the project: <dependency> <groupId>net.minidev</groupId> <artifactId>json-smart</artifactId> <version>1.3.1</version> </dependency> <dependency> <groupId>com.nimbusds</groupId> <artifactId>nimbus-jose-jwt</artifactId> <version>4.13.1</version> </dependency> Any plan to provide them properly packaged as rpm? (In reply to Sandro Bonazzola from comment #4) > I see that in https://gerrit.ovirt.org/71200 > the following 3rd party dependencies have been added to the project: > > <dependency> > <groupId>net.minidev</groupId> > <artifactId>json-smart</artifactId> > <version>1.3.1</version> > </dependency> > <dependency> > <groupId>com.nimbusds</groupId> > <artifactId>nimbus-jose-jwt</artifactId> > <version>4.13.1</version> > </dependency> > > Any plan to provide them properly packaged as rpm? They are build by JBoss team, but unfortunately they are packaged as standalone RPM. So if those packages will not be provided within WildFly 11 / EAP 7.1, we will distribute along with engine on upstream and add them to rhevm-dependencies downsteam. Verified with: ovirt-engine-4.2.1.1-0.1.el7.noarch This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |