Bug 1308458 - [RFE] Access to API using only session id (Java SDK)
[RFE] Access to API using only session id (Java SDK)
Status: CLOSED DUPLICATE of bug 1285885
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-sdk-java (Show other bugs)
3.6.2
Unspecified Unspecified
medium Severity unspecified
: ovirt-4.0.0-alpha
: ---
Assigned To: Juan Hernández
Gonza
: FutureFeature
: 1308459 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-15 04:46 EST by Gonza
Modified: 2016-06-09 10:16 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-07 06:42:46 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
grafuls: needinfo-


Attachments (Terms of Use)

  None (edit)
Description Gonza 2016-02-15 04:46:47 EST
Description of problem:
Currently the API has support for passing session id as a parameter but username and password are still required.
We would like to have the ability of accessing the API without needing to input username and password when we are passing the session id.

Version-Release number of selected component (if applicable):
rhevm-sdk-java-3.6.2.0-2.el6ev.noarch.rpm

How reproducible:
100%

Steps to Reproduce:
1. Try to access API using only session ID

Actual results:
Username and password are required

Expected results:
We can access the API only passing session id to the constructor.
Comment 1 Oved Ourfali 2016-02-16 02:27:34 EST
We are deprecating the session ID entirely, and using a token.
However, in general if you have a session ID, you can access without a username and password. But, perhaps it isn't exposed in the java SDK.

Juan/Ravi - thoughts?
Comment 2 Oved Ourfali 2016-02-16 02:28:49 EST
*** Bug 1308459 has been marked as a duplicate of this bug. ***
Comment 3 Ravi Nori 2016-02-17 12:51:09 EST
Once integration with SSO is complete, api will acquire a SSO access token providing the required credentials (user name/password or external auth).

After this the api is required to only pass the sso access token as bearer authentication and does not require to pass the credentials. So instead of session id we will be using access token.
Comment 4 Oved Ourfali 2016-02-25 03:12:29 EST
Juan - will it work well in the SDK in 4.0?
Comment 5 Oved Ourfali 2016-02-25 03:12:55 EST
Also related to Bug 1308460
Comment 6 Juan Hernández 2016-02-25 04:16:20 EST
Yes, it will work, but it isn't implemented yet.
Comment 7 Juan Hernández 2016-03-14 13:33:12 EDT
Gonzalo, can you try to repeat your test passing the name of the session cookie as well as the value?

  // Get the session id from somewhere:
  String sessionId = ...;

  // Create the builder:
  ApiBuilder builder = new ApiBuilder()
    .url(URL)
    .sessionId("JSESSIONID=" + sessionId)
    .keyStorePath("ca.jks")
    .keyStorePassword("mykeystorepassword")
    .debug(DEBUG);

  // The "ca.jks" file above needs to be created from
  // the CA certificate of the engine, which is usually
  // located in the "/etc/pki/ovirt-engine/ca.pem" file.
  // Get that file, and then use a the "keytool" command
  // to import it to the "ca.jks" keystore file:
  //
  // keytool \
  // -importcert \
  // -keystore ca.jks \
  // -file ca.pem \
  // -alias ca \
  // -storepass mykeystorepassword \
  // -noprompt
  //
  // The resulting "ca.jks" file only contains the CA
  // certificate, so its content isn't confidential.

  // Create the API object:
  Api api = builder.build();
Comment 8 Juan Hernández 2016-04-07 06:42:46 EDT
Closing as duplicate of the RFE to add support for SSO authentication.

*** This bug has been marked as a duplicate of bug 1285885 ***

Note You need to log in before you can comment on or make changes to this bug.