Description of problem:
I have found some info regarding SSO integration with RHEV Manager for the User and Administration portals, but all the info points to version 3.5.
- Is this configuration still valid? If the answer is yes, it must be in the official documentation from 3.6 until the latest. If not, it is necessary to make the integration work again.
I am following some clues:
- The best: https://access.redhat.com/sites/default/files/attachments/saml.pdf (still checking if it works)
- https://bugzilla.redhat.com/show_bug.cgi?id=884653 (closed errata)
BTW, the point of this BZ is to give the customer a clearer guide to integrating the Admin/User portal of Red Hat Virtualization with RHSSO/SAML than the one that already exists.
What exactly are you missing? Up-to-date information is e.g. https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html/administration_guide/configuring_ldap_and_kerberos_for_single_sign-on
Hi Michal, This looks perfect. When I looked for SSO integration on RHN this didn't come up, and Google just shows the 3.5 version. Maybe I was not using the right words. BTW, thanks, this is what I was looking for. Thanks buddy. Regards
Does this also work on version 4.1, or just on the 4.2 Beta version?
4.0 or so. You can see all docs for all versions at https://access.redhat.com/documentation/en-us/red_hat_virtualization/
Hi there, I was reviewing the documentation but I didn't see anything related to SAML or RHSSO. Maybe I skipped something? I was looking for an integration with RH SSO or SAML/OpenID. Thanks in advance
Were you able to configure RHSSO with RHV? If so could you please attach your solution to the bug?
(In reply to Martin Perina from comment #7)
> Were you able to configure RHSSO with RHV? If so could you please attach
> your solution to the bug?
Ping
Yeah, but I face a problem with non-federated users. I mean: I have a RHSSO instance running federated against an LDAP; this LDAP gives me many users and I could log in to RHSSO without problems. The problem comes when I try to log in to RHV, because those users do not exist at RHEV level, since that is not federated against anything. TL;DR: I succeeded at login, but when RHSSO redirects to the RHEV login portal, the answer is that I do not have permission to log in. I have the instance still running if you need info or want to check something. Any clue to avoid this error?
(In reply to Juan Manuel Parrilla Madrid from comment #9)
> Yeah, but I face a problem with non-federated users. I mean:
>
> I have a RHSSO instance running federated against an LDAP; this LDAP gives me
> many users and I could log in to RHSSO without problems. The problem comes
> when I try to log in to RHV, because those users do not exist at RHEV level,
> since that is not federated against anything. TL;DR: I succeeded at login, but
> when RHSSO redirects to the RHEV login portal, the answer is that I do not
> have permission to log in.
>
> I have the instance still running if you need info or want to check something.
>
> Any clue to avoid this error?
I would need to see your configuration, but here is my guess: If you have configured SAML on Apache, Apache does the authentication and passes the authenticated username to RHV Manager using the aaa-misc extension. Then RHV SSO tries to find the authz configuration using the aaa-ldap extension, which will try to connect to the associated LDAP and fetch additional information about the user. So do you have this aaa-ldap authz extension configured?
Hi there, no, I didn't configure the aaa-ldap to federate the RHEV Manager because I suppose that this already works. The point of this BZ is to have an integration at API level to create the users without the need for an LDAP federated on the RHEV side, but on the RHSSO/Keycloak side. Regards
Tentatively moving to 4.3, we will either support SAML tracked here or OIDC tracked in BZ1588375
All referenced patches have been merged, can this move to modified?
*** Bug 1588375 has been marked as a duplicate of this bug. ***
Verified on ovirt-engine-4.3.0-0.2.master.20181127150027.gitd731af3.el7.noarch
QE verification bot: the bug was verified upstream
*** Bug 1574951 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:1085