Description of problem: SSO configuration documentation incorrectly specifies using: ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension in the authn properties when trying to SSO value should be ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.misc.http.AuthnExtension Version-Release number of selected component (if applicable): 3.6.x How reproducible: Always Steps to Reproduce: 1. Follow directions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/Configuring_LDAP_and_Kerberos_for_Single_Sign-on.html OR 2. Follow directions at https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/administration-guide/154-configuring-ldap-and-kerberos-for-single-sign-on Actual results: Neither work. User authenticated by IdM is not logged in. There is no error message in any of the logs! Expected results: User is logged in correctly... Additional info: Changing the authn configuration to use ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.misc.http.AuthnExtension corrects the SSO login issue. Additionally, there should be a way to automatically add the user REALM to the browser drop down to support systems where SSO is not enabled in the browser. Understandable that this may be a corner case requirement, but adding it here for completeness. No mention of the http-mapping file configuration is mentioned. Also the engine throws a whole tonne of Rewrite recursion errors in the http logs ... this can be resolved by adding RewriteBase / in the ovirt-sso.conf file.
Assigning to Tahlia for review.
Now published at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/Configuring_LDAP_and_Kerberos_for_Single_Sign-on.html