Bug 1308458 - [RFE] Access to API using only session id (Java SDK)
Summary: [RFE] Access to API using only session id (Java SDK)
Keywords:
Status: CLOSED DUPLICATE of bug 1285885
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-sdk-java
Version: 3.6.2
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ovirt-4.0.0-alpha
: ---
Assignee: Juan Hernández
QA Contact: Gonza
URL:
Whiteboard:
: 1308459 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-15 09:46 UTC by Gonza
Modified: 2016-06-09 14:16 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-07 10:42:46 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:
grafuls: needinfo-

Attachments (Terms of Use)

Description Gonza 2016-02-15 09:46:47 UTC 
Description of problem:
Currently the API has support for passing session id as a parameter but username and password are still required.
We would like to have the ability of accessing the API without needing to input username and password when we are passing the session id.

Version-Release number of selected component (if applicable):
rhevm-sdk-java-3.6.2.0-2.el6ev.noarch.rpm

How reproducible:
100%

Steps to Reproduce:
1. Try to access API using only session ID

Actual results:
Username and password are required

Expected results:
We can access the API only passing session id to the constructor.
Comment 1 Oved Ourfali 2016-02-16 07:27:34 UTC 
We are deprecating the session ID entirely, and using a token.
However, in general if you have a session ID, you can access without a username and password. But, perhaps it isn't exposed in the java SDK.

Juan/Ravi - thoughts?
Comment 2 Oved Ourfali 2016-02-16 07:28:49 UTC 
*** Bug 1308459 has been marked as a duplicate of this bug. ***
Comment 3 Ravi Nori 2016-02-17 17:51:09 UTC 
Once integration with SSO is complete, api will acquire a SSO access token providing the required credentials (user name/password or external auth).

After this the api is required to only pass the sso access token as bearer authentication and does not require to pass the credentials. So instead of session id we will be using access token.
Comment 4 Oved Ourfali 2016-02-25 08:12:29 UTC 
Juan - will it work well in the SDK in 4.0?
Comment 5 Oved Ourfali 2016-02-25 08:12:55 UTC 
Also related to Bug 1308460
Comment 6 Juan Hernández 2016-02-25 09:16:20 UTC 
Yes, it will work, but it isn't implemented yet.
Comment 7 Juan Hernández 2016-03-14 17:33:12 UTC 
Gonzalo, can you try to repeat your test passing the name of the session cookie as well as the value?

  // Get the session id from somewhere:
  String sessionId = ...;

  // Create the builder:
  ApiBuilder builder = new ApiBuilder()
    .url(URL)
    .sessionId("JSESSIONID=" + sessionId)
    .keyStorePath("ca.jks")
    .keyStorePassword("mykeystorepassword")
    .debug(DEBUG);

  // The "ca.jks" file above needs to be created from
  // the CA certificate of the engine, which is usually
  // located in the "/etc/pki/ovirt-engine/ca.pem" file.
  // Get that file, and then use a the "keytool" command
  // to import it to the "ca.jks" keystore file:
  //
  // keytool \
  // -importcert \
  // -keystore ca.jks \
  // -file ca.pem \
  // -alias ca \
  // -storepass mykeystorepassword \
  // -noprompt
  //
  // The resulting "ca.jks" file only contains the CA
  // certificate, so its content isn't confidential.

  // Create the API object:
  Api api = builder.build();
Comment 8 Juan Hernández 2016-04-07 10:42:46 UTC 
Closing as duplicate of the RFE to add support for SSO authentication.

*** This bug has been marked as a duplicate of bug 1285885 ***
Note You need to log in before you can comment on or make changes to this bug.