Description of problem: Currently the API has support for passing session id as a parameter but username and password are still required. We would like to have the ability of accessing the API without needing to input username and password when we are passing the session id. Version-Release number of selected component (if applicable): rhevm-sdk-java-3.6.2.0-2.el6ev.noarch.rpm How reproducible: 100% Steps to Reproduce: 1. Try to access API using only session ID Actual results: Username and password are required Expected results: We can access the API only passing session id to the constructor.
We are deprecating the session ID entirely, and using a token. However, in general if you have a session ID, you can access without a username and password. But, perhaps it isn't exposed in the java SDK. Juan/Ravi - thoughts?
*** Bug 1308459 has been marked as a duplicate of this bug. ***
Once integration with SSO is complete, api will acquire a SSO access token providing the required credentials (user name/password or external auth). After this the api is required to only pass the sso access token as bearer authentication and does not require to pass the credentials. So instead of session id we will be using access token.
Juan - will it work well in the SDK in 4.0?
Also related to Bug 1308460
Yes, it will work, but it isn't implemented yet.
Gonzalo, can you try to repeat your test passing the name of the session cookie as well as the value? // Get the session id from somewhere: String sessionId = ...; // Create the builder: ApiBuilder builder = new ApiBuilder() .url(URL) .sessionId("JSESSIONID=" + sessionId) .keyStorePath("ca.jks") .keyStorePassword("mykeystorepassword") .debug(DEBUG); // The "ca.jks" file above needs to be created from // the CA certificate of the engine, which is usually // located in the "/etc/pki/ovirt-engine/ca.pem" file. // Get that file, and then use a the "keytool" command // to import it to the "ca.jks" keystore file: // // keytool \ // -importcert \ // -keystore ca.jks \ // -file ca.pem \ // -alias ca \ // -storepass mykeystorepassword \ // -noprompt // // The resulting "ca.jks" file only contains the CA // certificate, so its content isn't confidential. // Create the API object: Api api = builder.build();
Closing as duplicate of the RFE to add support for SSO authentication. *** This bug has been marked as a duplicate of bug 1285885 ***