Bug 1055182 - [RFE][AAA] - [SSO] integrate users roles between ovirt-engine and jasper
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-reports
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Assignee: Oved Ourfali
QA Contact: Pavel Stehlik
Depends On: 904146 spagobi_sso
Blocks: 956226 RHEV_Unified_Auth
Reported: 2014-01-19 12:23 UTC by Alon Bar-Lev
Modified: 2022-06-30 08:34 UTC (History)
Doc Type: Enhancement
Last Closed: 2016-06-16 09:54:33 UTC
oVirt Team: Infra
lsvaty: testing_plan_complete-


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHV-38404 0 None None None 2022-06-30 08:34:25 UTC

Description Alon Bar-Lev 2014-01-19 12:23:18 UTC
CURRENT IMPLEMENTATION

We define two builtin users within jasper: ovirt-admin, superuser.

These are special users with special roles within jasper.

All users that access via ovirt-engine SSO are regular users.

PROBLEM IN CURRENT IMPLEMENTATION

Users of ovirt-engine cannot manage jasper.

Integration of ovirt-engine with SSO or directory providers will not affect the jasper built-in users.

Setup process overwrites the password policy of jasper at every upgrade.

NEW IMPLEMENTATION

Define two roles within ovirt-engine: ovirt-reports-admin, ovirt-reports-operator (or any other terms).

When performing SSO to reports, pull the user's name and the user's roles, and assign appropriate roles within jasper.

Remove the built-in users creation within jasper, or, if it cannot be removed, disable the users.

BENEFITS

Single location of defining user roles.

Single user lifecycle policy (password complexity, password expiration, removal).

Enjoy ovirt-engine integration to external authentication and directory.

