Bug 1121762 - [Docs][Feature]Single sign-on into web applications
Summary: [Docs][Feature]Single sign-on into web applications
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.5.0
Assignee: Julie
QA Contact: Lucy Bopf
Depends On: 1113937
TreeView+ depends on / blocked
Reported: 2014-07-21 19:38 UTC by Julie
Modified: 2015-02-13 04:00 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-02-13 04:00:57 UTC
oVirt Team: ---

Attachments (Terms of Use)

Description Julie 2014-07-21 19:38:59 UTC
This feature may have impact on UI.

PRD bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113937
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1072504

Comment 3 Alon Bar-Lev 2014-10-15 14:04:33 UTC

The single sign on into web applications is a new feature, it should not be confused with Single sign-on into virtual machines (or more correctly: password delegation).

Documentation for this feature is available here[1][2], actual use case with the new ldap implementation is documented here[3].

For the kerberos use case[3], it means that the user login into his workstation and have kerberos TGT, then he is able to access the webadmin and userportal without specifying his user and password again.

One feature is lost: as the userportal is not accepting the user password, then the password delegation into VM cannot work (aka Single sign-on into virtual machines).

I truly wish we can refer to the package documentation and not maintain parallel documents, I will be happy to improve these.


[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.http;hb=HEAD
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=blob;f=README.mapping;hb=HEAD
[3] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l124

Comment 5 Julie 2014-12-11 05:46:19 UTC
If the new ldap provider is implemented without SSO, VM password delegation still can be used but with limitations:

Comment 7 Lucy Bopf 2014-12-12 06:42:33 UTC
VERIFIED - The information about SSO has been outlined in the new topic. Users are warned that using SSO in the User Portal will remove the SSO functionality for virtual machines.

Note You need to log in before you can comment on or make changes to this bug.