2021497 – [RFE] Install and configure Keycloak as a default SSO provider for ovirt-engine

Bug 2021497 - [RFE] Install and configure Keycloak as a default SSO provider for ovirt-engine

Summary: [RFE] Install and configure Keycloak as a default SSO provider for ovirt-engine

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	General
Sub Component:
Version:	4.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-4.5.1
Target Release:	4.5.1
Assignee:	Artur Socha
QA Contact:	Barbora Dolezalova
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1996292
TreeView+	depends on / blocked

Reported:	2021-11-09 12:30 UTC by Martin Perina
Modified:	2022-07-22 07:32 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ovirt-engine-4.5.1, ovirt-engine-keycloak
Clone Of:
Environment:
Last Closed:	2022-07-22 07:32:04 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:
Flags:	mperina: ovirt-4.5+ pm-rhel: planning_ack? pm-rhel: devel_ack+ gdeolive: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	oVirt ovirt-ansible-collection pull 509	None	Merged	roles: hosted_engine_setup: Fix keycloak activation/checking	2022-06-01 12:57:26 UTC
Github	oVirt ovirt-dwh pull 29	None	Merged	packaging: grafana SSO with internal Keycloak	2022-03-30 12:18:22 UTC
Github	oVirt ovirt-dwh pull 39	None	Merged	Reconfigure SSO on keycloak activation	2022-06-01 10:11:07 UTC
Github	oVirt ovirt-engine-keycloak pull 10	None	Merged	Internal Keycloak setup for Ovirt Engine SSO	2022-04-07 07:35:20 UTC
Github	oVirt ovirt-engine-keycloak pull 38	None	Merged	Fix SSO authentication on keycloak activation	2022-06-01 10:11:07 UTC
Github	oVirt ovirt-engine-keycloak pull 43	None	Merged	packaging: Declare keycloak integration as supported	2022-06-08 08:41:24 UTC
Github	oVirt ovirt-engine pull 240	None	open	engine: hide openidc related sensitive keys	2022-04-07 07:34:49 UTC
Github	oVirt ovirt-engine pull 405	None	open	packaging: fix for keycloak httpd conf.d restore	2022-06-01 10:11:07 UTC
Github	oVirt ovirt-engine pull 417	None	Merged	packaging: setup: Add KeycloakEnv.SUPPORTED	2022-06-08 08:41:24 UTC
Github	oVirt ovirt-engine pull 55	None	Merged	Keycloak	2022-04-07 07:35:14 UTC
Red Hat Issue Tracker	RHV-43948	None	None	None	2021-11-09 12:31:06 UTC
oVirt gerrit	117759	master	MERGED	packaging: better naming for rhv build flag	2022-01-12 14:43:25 UTC

Description Martin Perina 2021-11-09 12:30:32 UTC

For new installation Keycloak will be installed and configured by engine-setup to provide default SSO provider for oVirt Engine and Grafana.

For upgrades from previous installation AAA will still be used as default SSO provider, but administrators could switch manually to Keycloak.

Comment 2 Sandro Bonazzola 2022-03-29 16:10:14 UTC

We are past 4.5.0 feature freeze, please re-target.

Comment 3 Sandro Bonazzola 2022-03-29 16:16:40 UTC

We are past 4.5.0 feature freeze, please re-target.

Comment 5 Barbora Dolezalova 2022-06-28 11:18:15 UTC

Verified in ovirt-engine-4.5.1.2-1.el8.noarch

Administration portal, VM portal, Rest api are working.
Only thing missing is shortcut for Keycloak administration portal: bug 2101474

Note You need to log in before you can comment on or make changes to this bug.