Bug 884653
Summary: | [RFE][AAA] support single sign-on to user and admin portals | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Petr Spacek <pspacek> |
Component: | RFEs | Assignee: | Alon Bar-Lev <alonbl> |
Status: | CLOSED ERRATA | QA Contact: | Ondra Machacek <omachace> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.1.0 | CC: | alexey, alonbl, anande, bsettle, djasa, djuran, dpal, ecohen, gchakkar, iheim, jfenal, lmiccini, lpeer, luvilla, marcandre.lureau, mkosek, myllynen, nobody, oourfali, pablo.iranzo, perobins, pspacek, pstehlik, rbalakri, rcritten, Rhev-m-bugs, sherold, sigbjorn, sputhenp, ssorce, subjrs, ylavi |
Target Milestone: | --- | Keywords: | FutureFeature, TechPreview |
Target Release: | 3.5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | infra | ||
Fixed In Version: | vt2.2 | Doc Type: | Technology Preview |
Doc Text: |
Tech Preview
============
Package(s) providing the Technology Preview:
Description of the Technology Preview:
----------------------------------------------------
Release Note
============
- When SSO is used: the "sign out" button in the User Portal and Admin Portal will not function at all, i.e. the user will remain logged in even after clicking "sign out".
For properly signing out, the user would need to sign out from the SSO provider.
- When SSO is not used: the "sign out" button in the User Portal and Admin Portal will not function in case the user has previously accessed the rest-api via the same browser session. In order to properly sign out, the user would need to completely close the browser, re-open it and re-access the desired application (which will now require the user to login).
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-11 17:51:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1113937, 1142923, 1156165 |
Description
Petr Spacek
2012-12-06 13:50:01 UTC
related to bug 570191 *** Bug 971504 has been marked as a duplicate of this bug. *** Could the existing mod_auth_kerb be used to handle the authentication? We use this with several web sites today and we know it works, both with IPA and with Active Directory at the same time. We have a design now. http://www.ovirt.org/Features/SSO Alon Bar Lev might know more about when it will be implemented. Hi Alon, bug#570191 seems to be about: "support Kerberos authentication (for REST API)" or are you suggesting (as per your comment #10 and the reference to http://www.freeipa.org/page/Web_App_Authentication) that in 3.5 we are going to delegate the entire authentication to apache? (In reply to Luca Miccini from comment #11) > Hi Alon, > > bug#570191 seems to be about: > > "support Kerberos authentication (for REST API)" > > or are you suggesting (as per your comment #10 and the reference to > http://www.freeipa.org/page/Web_App_Authentication) that in 3.5 we are going > to delegate the entire authentication to apache? yes, see bug#1113937 as well. we will release this as technology preview for 3.5. Support for SSO customization will be available at 3.5.0, see bug#1113937. Move doc note to block, remove from documentation, no reason to document same feature several times. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0158.html |