Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1285887

Summary: [RFE] SSO integration to the python SDK
Product: [oVirt] ovirt-engine-sdk-python Reporter: Alon Bar-Lev <alonbl>
Component: RFEsAssignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE QA Contact: movciari
Severity: medium Docs Contact:
Priority: medium    
Version: ---CC: bugs, grafuls, iheim, juan.hernandez, lsvaty, mgoldboi, movciari, mperina, oourfali, pstehlik, rnori
Target Milestone: ovirt-4.0.0-betaKeywords: FutureFeature, Improvement
Target Release: 4.0.0aFlags: rule-engine: ovirt-4.0.0+
lsvaty: testing_plan_complete-
mgoldboi: planning_ack+
juan.hernandez: devel_ack+
pstehlik: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-04 13:27:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1092744    

Description Alon Bar-Lev 2015-11-26 21:08:24 UTC 
Now that ovirt sso[1] is in place we can integrate the api to use the OAuth2 authentication instead of using the non standard restapi session management, we may even remove this mechanism if not actually required.

The /sso/oauth/token[-http-auth] with grant type [urn:ovirt:params:oauth:grant-type:http] entry points are probably what should be used for user/password authentication or spnego.

Once obtained authorization header of Bearer TOKEN should be used to access restapi.

We will probably require some modification to session timeouts as an extension to OAuth2, let's see what missing.

[1] http://www.ovirt.org/images/4/4c/OVirt_SSO_Specification.pdf
Comment 2 Juan Hernández 2016-04-07 10:44:42 UTC 
*** Bug 1308460 has been marked as a duplicate of this bug. ***