In this case turning off the callback prefix check should be helpful

Create a new conf file /etc/ovirt-engine/engine.conf.d/99-sso.conf and add the line below to the file. This will turn off the additional security check for the callback prefix.

SSO_CALLBACK_PREFIX_CHECK=false

Ravi

On Tue, Aug 22, 2017 at 9:29 AM, Martin Perina <mperina@redhat.com> wrote:

Adding Ravi

On Mon, Aug 21, 2017 at 10:53 AM, Roy Golan <rgolan@redhat.com> wrote:

When using OST you get an engine on isolated network, that in order to make available you must tunnel. When tunnelling you end up with a URI with a uncommon port or hostname that will result an error while authenticating:

URL: https://localhost:9000/ovirt-engine

This displays this error:

" The redirection URI for client is not registered " See screenshot

Can we expose the expected valid redirect urls? Is it used for something else than obscurity?

If we can expose it then at least a message of the form would be better:
" Please make sure to connect to https://EXPECTED/URL "

\R

_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel