Description of problem: I have been working with RHEV development people, concretely with "mmartinv", to make mod_auth_mellon work with internal-auth, and it works fine. The issue comes with the sign-up of the user: we must pre-create a user on the RHSSO server (or LDAP federation) and also do the same on RHEV-M. The point of this bug is to create a user in the internal database (if it does not exist) when a successful SAML login comes from the SAML server, or to trigger a process that performs this sign-up.
This bug is also related to:
- https://bugzilla.redhat.com/show_bug.cgi?id=1574958
- https://bugzilla.redhat.com/show_bug.cgi?id=1570040
What's the difference between this bug and BZ1574958? Users need to be assigned some permission to be able to log in to either webadmin or VM portal.
Ping
Commented here: https://bugzilla.redhat.com/show_bug.cgi?id=1570040#c9
The problem is related because in the other bug there is no integration, and this bug comes up when the integration is applied/configured in a manual way. I mean, the https://bugzilla.redhat.com/show_bug.cgi?id=1570040 bug is to implement a good way to integrate with RHSSO. The purpose of this other bug is that, following a "general guide to integrate with a SAML service", the RHEV platform must catch the users and create them inside of the database when a SAML login happens. I hope I have explained myself well, because it is not easy :)).
This bug has not been marked as blocker for oVirt 4.3.0. Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.
The patches for BZ 1570040 give admin access to users that belong to the ovirt-administrator LDAP group, so automatic admin access will be granted to users based on their LDAP group. ovirt-administrator is a built-in group on ovirt-engine that is configured during setup specifically for integration with external authentication with the OIDC provider RHSSO/Keycloak.

*** This bug has been marked as a duplicate of bug 1570040 ***