On Wed, Jul 4, 2018 at 1:54 PM, Hari Prasanth Loganathan <
hariprasanth.l(a)msystechnologies.com> wrote:
Okay Thanks Martin.
I already come across this blog but curious any way to point the
authentication and authorization to my HTTP URL. so that I don't want to
depend on the ovirt token.
There's no way how to replace oVirt SSO with different implementation, you
need to use oVirt token.
But other than relying on Apache you could also configure your application
as OpenID Connect client to oVirt SSO similarly as it's described for
Kibana/Elastic search integration:
On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina <mperina(a)redhat.com> wrote:
>
>
> On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
> hariprasanth.l(a)msystechnologies.com> wrote:
>
>> Hi Team,
>>
>> I want oVirt to point to my Authentication / Authorization HTTP URL, so
>> I modified the following property in
>> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>>
>>
>> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>> ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso"
>>
>> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>> SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/"
>>
>>
>
>> I verified in the log and found the following message :
>>
>> engine.log:2018-07-04 15:12:46,238+05 INFO
>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
>> Thread Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is '
>>
http://172.30.39.176:9090/api/auth/sso';.
>> engine.log:2018-07-04 15:12:46,244+05 INFO
>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
>> Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
>>
http://172.30.39.176:9090/api/auth/';.
>>
>>
>> But still it is not point to my Authentication URL, Is there any other
>> change we need to make to point the oVirt Authentication to my HTTP URL?
>>
>
> Hi,
>
> what exactly are you trying to achieve? To change URL where engine is
> available or to replace existing oVirt SSO module with custom
> implementation? If the latter, then this is not supported.
>
> But if you need to configure additional authentication methods, for
> example kerberos SSO or CAS, you can do this using combination of Apache
> with relevant modules + ovirt-engine-extension-aaa-lda
> p/ovirt-engine-extension-aaa-misc packages:
>
>
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/
> blob/master/README
>
https://github.com/oVirt/ovirt-engine-extension-aaa-misc/
> blob/master/README.http
>
https://www.ovirt.org/blog/2016/04/sso/
>
> Regards
>
> Martin
>
>
>>
>> Thanks,
>> Hari
>>
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
https://www.ovirt.org/communit
>> y/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archiv
>> es/list/users(a)ovirt.org/message/NZKOGON5PKXSE47J25X72WYCOIGOJ3NW/
>>
>>
>
>
> --
> Martin Perina
> Associate Manager, Software Engineering
> Red Hat Czech s.r.o.
>
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.