Bug 1574951

Summary: [RFE] Using SAML authn with Administration/User Portal the users must be created manually
Product: Red Hat Enterprise Virtualization Manager
Reporter: Juan Manuel Parrilla Madrid <jparrill>
Component: ovirt-engine
Assignee: Ravi Nori <rnori>
Status: CLOSED DUPLICATE
QA Contact: Petr Matyáš <pmatyas>
Severity: low
Docs Contact:
Priority: unspecified
Version: 4.1.10
CC: jparrill, lsurette, michal.skrivanek, mperina, nobody, pstehlik, Rhev-m-bugs, srevivo
Target Milestone: ovirt-4.3.1
Keywords: FutureFeature, Reopened
Target Release: 4.3.0
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1570040
: 1574958
Environment:
Last Closed: 2019-01-31 18:06:27 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1570040, 1588375
Bug Blocks: 1574958

Description Juan Manuel Parrilla Madrid 2018-05-04 12:07:55 UTC
Description of problem:
I have been working with RHEV development people, specifically with "mmartinv", to make mod_auth_mellon work with internal-auth, and it works fine. The issue comes with the sign-up of the user: we must pre-create a user on the RHSSO server (or LDAP federation) and also do the same on RHEV-M.

The point of this bug is to create a user in the internal database (if it does not exist) when a successful SAML login comes from the SAML server, or to trigger a process that performs this sign-up.

Comment 1 Juan Manuel Parrilla Madrid 2018-05-04 12:22:32 UTC
This bug is also related with:

- https://bugzilla.redhat.com/show_bug.cgi?id=1574958
- https://bugzilla.redhat.com/show_bug.cgi?id=1570040

Comment 2 Martin Perina 2018-05-11 13:16:12 UTC
What's the difference between this bug and BZ1574958? Users need to have some permission assigned to be able to log in to either webadmin or VM portal.

Comment 3 Martin Perina 2018-05-28 06:41:00 UTC
Ping

Comment 4 Juan Manuel Parrilla Madrid 2018-06-05 13:52:15 UTC
Commented here: https://bugzilla.redhat.com/show_bug.cgi?id=1570040#c9

The problem is related because in the other bug there is no integration, and this bug arises when the integration is applied/configured manually. I mean, the bug https://bugzilla.redhat.com/show_bug.cgi?id=1570040 is about implementing a good way to integrate with RHSSO. The purpose of this other bug is that, following a "general guide to integrate with a SAML service", the RHEV platform must catch the users and create them inside the database when a SAML login happens.

I hope I have explained myself well, because it is not easy :)).

Comment 5 Sandro Bonazzola 2019-01-28 09:41:54 UTC
This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.

Comment 7 Ravi Nori 2019-01-31 18:06:27 UTC
The patches for BZ 1570040 give admin access to users that belong to the ovirt-administrator LDAP group.

So automatic admin access to users will be granted based on their LDAP group. ovirt-administrator is a built-in group on ovirt-engine that is configured during setup specifically for integration with external authentication with OIDC provider RHSSO/Keycloak.

*** This bug has been marked as a duplicate of bug 1570040 ***