Bug 1574951 - [RFE] Using SAML authn with Administration/User Portal the users must be created manually
Status: CLOSED DUPLICATE of bug 1570040
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.1.10
Hardware: All
OS: Linux
Target Milestone: ovirt-4.3.1
: 4.3.0
Assignee: Ravi Nori
QA Contact: Petr Matyáš
Depends On: 1570040 1588375
Blocks: 1574958
Reported: 2018-05-04 12:07 UTC by Juan Manuel Parrilla Madrid
Modified: 2019-04-28 09:19 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1570040
: 1574958
Last Closed: 2019-01-31 18:06:27 UTC
oVirt Team: Infra
Target Upstream Version:

Description Juan Manuel Parrilla Madrid 2018-05-04 12:07:55 UTC
Description of problem:
I have been working with RHEV development people, specifically with "mmartinv", to make mod_auth_mellon work with internal-auth, and it works fine. The issue comes with the sign-up of the user: we must pre-create a user on the RHSSO server (or LDAP federation) and also do the same on RHEV-M.

The point of this bug is to create a user in the internal database (if it does not exist) when a successful SAML login comes from the SAML server, or to trigger a process that performs this sign-up.

Comment 1 Juan Manuel Parrilla Madrid 2018-05-04 12:22:32 UTC
This bug is also related with:

- https://bugzilla.redhat.com/show_bug.cgi?id=1574958
- https://bugzilla.redhat.com/show_bug.cgi?id=1570040

Comment 2 Martin Perina 2018-05-11 13:16:12 UTC
What's the difference between this bug and BZ1574958? Users need to have some permission assigned to be able to log in to either webadmin or VM portal.

Comment 3 Martin Perina 2018-05-28 06:41:00 UTC

Comment 4 Juan Manuel Parrilla Madrid 2018-06-05 13:52:15 UTC
Commented here: https://bugzilla.redhat.com/show_bug.cgi?id=1570040#c9

The problem is related because in the other bug there is no integration, and this bug comes up when the integration is applied/configured manually. I mean, the https://bugzilla.redhat.com/show_bug.cgi?id=1570040 bug is to implement a good way to integrate with RHSSO. The purpose of this other bug is that, following a "general guide to integrate with a SAML service", the RHEV platform must catch the users and create them inside the database when a SAML login happens.

I hope I have explained myself well, because it is not easy :)).

Comment 5 Sandro Bonazzola 2019-01-28 09:41:54 UTC
This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.

Comment 7 Ravi Nori 2019-01-31 18:06:27 UTC
The patches for BZ 1570040 give admin access to users that belong to the ovirt-administrator LDAP group.

So automatic admin access to users will be granted based on their LDAP group. ovirt-administrator is a built-in group on ovirt-engine that is configured during setup specifically for integration with external authentication with OIDC provider RHSSO/Keycloak.

*** This bug has been marked as a duplicate of bug 1570040 ***
