What exactly are you missing?
Up-to-date information is e.g. https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html/administration_guide/configuring_ldap_and_kerberos_for_single_sign-on

Hi Michal,

This looks perfect, when I look fot SSO integration on RHN this didn't comes up, on google just shows the 3.5 version. Maybe I was not using the right words. BTW, thanks this is what I was looking for.

Thanks buddy.

Regards

This works on 4.1 version also¿¿ or just on 4.2 Beta version?

This works on 4.1 version also¿¿ or just on 4.2 Beta version?

4.0 or so. You can see all docs for all versions at https://access.redhat.com/documentation/en-us/red_hat_virtualization/

Hi there,

I was reviewing the documentation but I didn't see anything related with SAML or RHSSO, maybe I skip something?. I was looking for an integration with RH SSO or SAML/OpenID.

Thanks in advance

Were you able to configure RHSSO with RHV? If so could you please attach your solution to the bug?

(In reply to Martin Perina from comment #7)
> Were you able to configure RHSSO with RHV? If so could you please attach
> your solution to the bug?

Ping

Yeah, but I face a problem with non-federated users. I mean:

I have a RHSSO instance running federated against a LDAP, this LDAP gives me many users and I could login into RHSSO without problems. The problem comes when I try to login into RHV because those users not exists at RHEV level because that is not federated against nothing. TL;DR I succed at login but when the RHSSO redirects to RHEV login portal, the answer is that I have not permission to login.

I have the instance still runnning If you need info or check something.

Any clue to avoid this error?

(In reply to Juan Manuel Parrilla Madrid from comment #9)
> Yeah, but I face a problem with non-federated users. I mean:
> 
> I have a RHSSO instance running federated against a LDAP, this LDAP gives me
> many users and I could login into RHSSO without problems. The problem comes
> when I try to login into RHV because those users not exists at RHEV level
> because that is not federated against nothing. TL;DR I succed at login but
> when the RHSSO redirects to RHEV login portal, the answer is that I have not
> permission to login.
> 
> I have the instance still runnning If you need info or check something.
> 
> Any clue to avoid this error?

I would need to see your configuration, but here is my guess:

If you have configured SAML on Apache, Apache does the authentication and pass authenticated username to RHV manager using aaa-misc extension. Then RHV SSO try to find authz configuration using aaa-ldap extension, which will try to connect to associated LDAP and fetch additional information about user. So do you have this aaa-ldap authz extension configured?

Hi there,

no, I didn't configure the aaa-ldap to federate the RHEV Manager because I supose that this already works. The point of this BZ is to have an integration at API level to create the users without the need of a LDAP federated en RHEV side but on RHSSO/Keycloak side.

regards

Tentatively moving to 4.3, we will either support SAML tracked here or OIDC tracked in BZ1588375

All referenced patches have been merged, can this move to modified?

*** Bug 1588375 has been marked as a duplicate of this bug. ***

Verified on ovirt-engine-4.3.0-0.2.master.20181127150027.gitd731af3.el7.noarch

QE verification bot: the bug was verified upstream

*** Bug 1574951 has been marked as a duplicate of this bug. ***

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1085

BZ<2>Jira Resync