Red Hat Bugzilla – Bug 1285889
[AAA][RestAPI] Remove support of SPNEGO directly to RestAPI
Last modified: 2018-01-04 09:01:40 EST
Since 3.5 we support direct SPNEGO to RestAPI.
In 4.0 we have SSO service that among other supports SNEGO.
As a result there is no need to support any authentication method but Basic and Bearer within our webapp.
Removing other authentication methods will enable us to remove all Authn/Authz extensions from BLL space, and stop using the login-on-behalf of SSO, removing this sensitive privilege from RestAPI client.
Juan, once this is ACKed, rnori can remove the necessary code.
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
This support can't be removed from the engine before we remove the support for version 3 of the API, and that won't happen before 4.1, so I'm re-targeting.