Bug 1285889 - [AAA][RestAPI] Remove support of SPNEGO directly to RestAPI
Summary: [AAA][RestAPI] Remove support of SPNEGO directly to RestAPI
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RestAPI
Version: ---
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Ravi Nori
QA Contact: Lukas Svaty
URL:
Whiteboard:
Depends On:
Blocks: 1455534
TreeView+ depends on / blocked
 
Reported: 2015-11-26 21:15 UTC by Alon Bar-Lev
Modified: 2022-02-23 14:28 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-03-12 16:25:58 UTC
oVirt Team: Infra
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHV-44798 0 None None None 2022-02-23 14:28:36 UTC

Description Alon Bar-Lev 2015-11-26 21:15:22 UTC
Since 3.5 we support direct SPNEGO to RestAPI.
In 4.0 we have SSO service that among other supports SNEGO.
As a result there is no need to support any authentication method but Basic and Bearer within our webapp.
Removing other authentication methods will enable us to remove all Authn/Authz extensions from BLL space, and stop using the login-on-behalf of SSO, removing this sensitive privilege from RestAPI client.

Juan, once this is ACKed, rnori can remove the necessary code.

Comment 1 Red Hat Bugzilla Rules Engine 2015-11-27 06:06:45 UTC
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.

Comment 2 Red Hat Bugzilla Rules Engine 2015-11-30 22:37:40 UTC
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.

Comment 4 Juan Hernández 2016-04-06 11:17:52 UTC
This support can't be removed from the engine before we remove the support for version 3 of the API, and that won't happen before 4.1, so I'm re-targeting.

Comment 5 Ravi Nori 2019-03-12 16:25:58 UTC
We have decided to keep the support of SPNEGO directly to RestAPI as a convenience feature


Note You need to log in before you can comment on or make changes to this bug.