On Fri, Jun 29, 2018 at 1:39 PM, Hari Prasanth Loganathan <
hariprasanth.l(a)msystechnologies.com> wrote:
Thanks Ondra for the response.
*This is my use case : *
We have three components in our setup
1) Our Script (application using python)
2) Ovirt
3) LDAP (Also integrated to oVirt)
1) Our Python application is authenticating to LDAP and it creates a token
for our application
2) For accessing the API's in oVIrt, I need to contact to the oVirt API
which authenticates and creates a token for it
3) then I need to maintain the token of my application with its mapping to
the ovirt tokenId in my application.
*Difficulty :*
*When I want to hit any oVirt API, First I perform the token check in my
application (using my application token) then I need to perform the ovirt
token check in oVirt using the ovirt token Id I maintain in the
application. *
*To Achieve : *
*So I want a feature, which perform authentication check only in my
application and then from my application I need to contact the ovirt APIs
without authentication / authorization check. I don't want ovirt to perform
authentication / authorization check. *
* 1) I would like to know Is there a way to skip the authentication and
authorization in oVIrt? *
No, but you can configure oVirt to use for example kerberos or CAS to
receive authentication
*2) Or Is it possible to point the authentication validation for
oVirt (to
my application / to some URL which I configure) which always return true
and allow for all oVirt API's?*
No, as mentioned above you can only configure oVirt to use Apache
authentication (kerberos, CAS, ...)
*If any thing is not clear I will update the mail and send you.*
*Thanks *
On Fri, Jun 29, 2018 at 5:00 PM, Ondra Machacek <omachace(a)redhat.com>
wrote:
> What's your use-case? You need all users to access without any
> username/password? Why not rather share some username/password of guest
> account them?
>
> On 06/29/2018 12:39 PM, Hari Prasanth Loganathan wrote:
>
>> Guys any update on this, If you have any clarification in my query
>> please let me know.
>>
>> Thanks,
>> Hari
>>
>> On Thu, Jun 28, 2018 at 6:19 PM, Hari Prasanth Loganathan <
>> hariprasanth.l(a)msystechnologies.com <mailto:hariprasanth.l@msystec
>> hnologies.com>> wrote:
>>
>> Hi Team,
>>
>> We have three components in our setup
>>
>> 1) Our Script (application using python)
>> 2) Ovirt
>> 3) LDAP (Also integrated to oVirt)
>>
>> 1) Our Python application is authenticating to LDAP and it creates a
>> token for our application
>> 2) For accessing the API's in oVIrt, I need to contact to the oVirt
>> API which authenticates and creates a token for it
>> 3) then I need to maintain the token of my application with its
>> mapping to the ovirt tokenId in my application.
>>
>> When I want to hit any oVirt API, First I perform the token check in
>> my application (using my application token) then I need to perform
>> the ovirt token check in oVirt.
>>
>> 1)*I would like to know Is there a way to skip the authentication
>> and authorization in oVIrt?
>> *
>> 2)*Or Is it possible to point the authentication check for oVirt (to
>> my application / to some URL which I configure) which always return
>> true and allow for all oVirt API's?*
>>
>>
>> *I did some analysis and verified the oVirt code in github,
>> Identified that it is going via a fliter in web.xml which points to
>> the class, Is it possible to tune this? *
>>
>>
>> <filter>
>>
<filter-name>RestApiSessionValidationFilter</filter-name>
>> <filter-class>org.ovirt.engine
>> .core.aaa.filters.RestApiSessionValidationFilter</filter-class>
>> </filter>
>> <filter-mapping>
>>
<filter-name>RestApiSessionValidationFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> <filter>
>> <filter-name>SessionValidationFilter</filter-name>
>> <filter-class>org.ovirt.engine
>> .core.aaa.filters.SessionValidationFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>SessionValidationFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> <filter>
>> <filter-name>SsoRestApiAuthFilter</filter-name>
>> <filter-class>org.ovirt.engine
>> .core.aaa.filters.SsoRestApiAuthFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>SsoRestApiAuthFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> <filter>
>> <filter-name>SsoRestApiNegotiationFilter</filter-name>
>> <filter-class>org.ovirt.engine
>> .core.aaa.filters.SsoRestApiNegotiationFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>SsoRestApiNegotiationFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> If my query is not clear, please let me know.
>>
>> Thanks,
>> Hari
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
https://www.ovirt.org/communit
>> y/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archiv
>> es/list/users(a)ovirt.org/message/R5QK6VPZ5OQXHBODY4BY5JHJCC4X2ZKV/
>>
>>
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-
guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/
message/TYQ54CXHZWYU2N7ZFMUERBD44TERMTBE/
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.