Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 884653 - [RFE][AAA] support single sign-on to user and admin portals
[RFE][AAA] support single sign-on to user and admin portals
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs (Show other bugs)
3.1.0
Unspecified Unspecified
medium Severity medium
: ---
: 3.5.0
Assigned To: Alon Bar-Lev
Ondra Machacek
infra
: FutureFeature, TechPreview
: 971504 (view as bug list)
Depends On:
Blocks: 1113937 rhev3.5beta 1156165
  Show dependency treegraph
 
Reported: 2012-12-06 08:50 EST by Petr Spacek
Modified: 2016-02-10 14:32 EST (History)
32 users (show)

See Also:
Fixed In Version: vt2.2
Doc Type: Technology Preview
Doc Text:
Tech Preview ============ Package(s) providing the Technology Preview: Description of the Technology Preview: ---------------------------------------------------- Release Note ============ - When SSO is used: the "sign out" button in the User Portal and Admin Portal will not function at all, i.e. the user will remain logged in even after clicking "sign out". For properly signing out, the user would need to sign out from the SSO provider. - When SSO is not used: the "sign out" button in the User Portal and Admin Portal will not function in case the user has previously accessed the rest-api via the same browser session. In order to properly sign out, the user would need to completely close the browser, re-open it and re-access the desired application (which will now require the user to login).
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-11 12:51:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 463963 None None None Never
Red Hat Product Errata RHSA-2015:0158 normal SHIPPED_LIVE Important: Red Hat Enterprise Virtualization Manager 3.5.0 2015-02-11 17:38:50 EST

  None (edit)
Description Petr Spacek 2012-12-06 08:50:01 EST 
Description of problem:
Current user and admin portal doesn't support SSO. It would be nice to support SSO to user and admin portals.

AFAIK it doesn't add any new requirement for installation, because Kerberos have to be in place anyway. It will "just" save single login/password dialog to the user (and will result in more secure authentication...)

RHEV-M 3.1 requires Kerberos for directory services to work as stated in
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html-single/Installation_Guide/index.html#sect-Software_Requirements section 2.3.4.2. "Directory Services Support in Red Hat Enterprise Virtualization".

  
Actual results:
User is asked for login and password (via web form) before each access to user and admin portals.


Expected results:
User is automatically logged in when it has Kerberos ticket. Login/password prompt is shown when ticket is not available or is invalid.


Additional info:
Feel free to contact freeipa-devel@redhat.com with questions about Kerberos integration.

Some integration examples can be found at http://freeipa.org/page/HowTos#3rd_party_Applications_Integration

Plain libvirt+Kerberos integration is described at http://freeipa.org/page/Libvirt_with_VNC_Consoles
Comment 1 Itamar Heim 2012-12-06 14:46:18 EST 
related to bug 570191
Comment 2 Pavel Zhukov 2013-06-10 04:18:19 EDT 
*** Bug 971504 has been marked as a duplicate of this bug. ***
Comment 3 Sigbjorn Lie 2013-08-27 17:44:37 EDT 
Could the existing mod_auth_kerb be used to handle the authentication?

We use this with several web sites today and we know it works, both with IPA and with Active Directory at the same time.
Comment 5 Dmitri Pal 2013-12-18 20:37:24 EST 
We have a design now.
http://www.ovirt.org/Features/SSO
Alon Bar Lev might know more about when it will be implemented.
Comment 11 Luca Miccini 2014-06-27 06:12:57 EDT 
Hi Alon, 

bug#570191 seems to be about: 

"support Kerberos authentication (for REST API)"

or are you suggesting (as per your comment #10 and the reference to http://www.freeipa.org/page/Web_App_Authentication) that in 3.5 we are going to delegate the entire authentication to apache?
Comment 12 Alon Bar-Lev 2014-06-27 08:44:24 EDT 
(In reply to Luca Miccini from comment #11)
> Hi Alon, 
> 
> bug#570191 seems to be about: 
> 
> "support Kerberos authentication (for REST API)"
> 
> or are you suggesting (as per your comment #10 and the reference to
> http://www.freeipa.org/page/Web_App_Authentication) that in 3.5 we are going
> to delegate the entire authentication to apache?

yes, see bug#1113937 as well. we will release this as technology preview for 3.5.
Comment 13 Alon Bar-Lev 2014-07-21 06:36:44 EDT 
Support for SSO customization will be available at 3.5.0, see bug#1113937.
Comment 17 Alon Bar-Lev 2014-11-04 03:38:11 EST 
Move doc note to block, remove from documentation, no reason to document same feature several times.
Comment 19 errata-xmlrpc 2015-02-11 12:51:02 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.