<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Yap, that the solution i was thinking
      about as "last resort".<br>
      <br>
      We have direct connection to engine, and currently we get
      connection parameters as this (after initializing connection,
      etc...):<br>
      <br>
      <br>
                  display = vm.get_display()<br>
                  ticket = vm.ticket().get_ticket()<br>
                  return {<br>
                      'type': display.get_type(),<br>
                      'address': display.get_address(),<br>
                      'port': display.get_port(),<br>
                      'secure_port': display.get_secure_port(),<br>
                      'monitors': display.get_monitors(),<br>
                      'cert_subject':
      display.get_certificate().get_subject(),<br>
                      'ticket': {<br>
                          'value': ticket.get_value(),<br>
                          'expiry': ticket.get_expiry()<br>
                      }<br>
      <br>
      So we get all we need to connect. (we replace with returned data
      the ".vv" file created by oVirt admin on connect, and it works).
      Don't know exactly right now how to use vdsClient code for this,
      but i have already seen that it uses xmlrcp, so maybe, i can
      "invoke" the desktopLogin command using directly xmlrpc... will
      see<br>
      <br>
      We will make some tests on this, and let's see what happens<br>
      <br>
      Thank you very much for your help ;)<br>
      <br>
      Adolfo Gómez<br>
      <br>
      El 07/05/2015 a las 4:55, Dan Yasny escribió:<br>
    </div>
    <blockquote
cite="mid:CALLXwb5Sb4gqiQaVhzDjQRaBHEC2k8BOzRo_e_BC+_b59ym41Q@mail.gmail.com"
      type="cite">
      <div dir="ltr">You can pass the credentials directly to the guest
        agent using vdsClient on the host, among other things:
        <div><br>
        </div>
        <div>
          <div>desktopLock</div>
          <div>        &lt;vmId&gt;</div>
          <div>        Logoff current user</div>
          <div>desktopLogin</div>
          <div>        &lt;vmId&gt; &lt;domain&gt; &lt;user&gt;
            &lt;password&gt;</div>
          <div>        Login to vmId desktop using the supplied
            credentials</div>
          <div>desktopLogoff</div>
          <div>        &lt;vmId&gt; &lt;force&gt;</div>
          <div>        Lock user session. force should be set to
            true/false</div>
        </div>
        <div><br>
        </div>
        <div>Will probably require key based remote ssh execution, and
          API calls to the engine, to determine the host and VM UUID</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, May 6, 2015 at 10:45 PM, Adolfo
          <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>I know, but this all is used from "ovirt portal", and
                we are only using ovirt api, the portal is provided by
                own broker :)<br>
                <br>
                I'm currently looking at the code of vdsClient, to see
                if i can replicate the "desktopLogin" feature.<br>
                <br>
                This was why i was wondering if this is the place to
                post this, because it's more related to "development",
                but not to de development of ovirt itself (or yes, don't
                know right now... :) )<br>
                <br>
                Thank you<br>
                <br>
                Adolfo Gómez
                <div>
                  <div class="h5"><br>
                    <br>
                    <br>
                    El 07/05/2015 a las 4:40, Dan Yasny escribió:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">This is exactly what the SSO feature
                      is for. 
                      <div><br>
                      </div>
                      <div><a moz-do-not-send="true"
                          href="http://www.ovirt.org/Features/SSO"
                          target="_blank">http://www.ovirt.org/Features/SSO</a></div>
                      <div><a moz-do-not-send="true"
                          href="http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows"
                          target="_blank">http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows</a></div>
                      <div><a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html"
                          target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html</a><br>
                        <div><br>
                        </div>
                        <div><br>
                        </div>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Wed, May 6, 2015 at
                        10:24 PM, Adolfo <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:agomez@virtualcable.es"
                            target="_blank">agomez@virtualcable.es</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">Hello,<br>
                          <br>
                          My name is Adolfo. I'm in charge of the
                          development of UDS, an open source connection
                          broker (with commercial support if requested)
                          (<a moz-do-not-send="true"
                            href="http://www.ovirt.org/Universidad_de_Sevilla_Case_Study"
                            target="_blank">http://www.ovirt.org/Universidad_de_Sevilla_Case_Study</a>
                          is done with it for example).<br>
                          <br>
                          I don't know if this is the place to post this
                          "request for help", if not, please forgive me
                          :)<br>
                          <br>
                          The case is that we are including Spice as an
                          accepted protocol for connecting to VMs
                          (currently we allow rdp, rgs, nx, ...)
                          provided by oVirt, and we have found the
                          following "issue".<br>
                          <br>
                          It's ease to get the connection parameters for
                          the VM using REST api, even get the ticket for
                          allowing connection, but i have been looking
                          for a way "logging user" directly into
                          desktop, not only connect to "display" but
                          also "log in" into remote without needed to
                          use a second authentication.<br>
                          <br>
                          I have seen that oVirt Portal currently allows
                          this, and i have found also that vsdClient can
                          do login using "vdsClient -s &lt;HOSTIP&gt;
                          desktopLogin &lt;VMID&gt; &lt;DOMAIN&gt;
                          &lt;USER&gt; &lt;PASSWORD&gt;", and although
                          it is possible to use this, it will be a bit
                          "tricky" to get it working i think.<br>
                          <br>
                          My question is... ¿Is any way of doing
                          "desktop login" using REST API, or any other
                          "simple method" from an external app such as
                          this broker?.<br>
                          <br>
                          ¿If yes, how? :-)<br>
                          ¿If not, will be support for this an anyone
                          knows how?<br>
                          <br>
                          Thank you, and again, if this is not the
                          correct list, sorry for the annoyance.<br>
                          <br>
                          Adolfo Gómez<br>
                          <br>
_______________________________________________<br>
                          Users mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:Users@ovirt.org"
                            target="_blank">Users@ovirt.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://lists.ovirt.org/mailman/listinfo/users"
                            target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>