On Wed, Jul 4, 2018 at 3:06 PM, Hari Prasanth Loganathan <
hariprasanth.l(a)msystechnologies.com> wrote:
Hi Martin,
Thanks for pointing this url.
1) Based on this post, I created a client id using the
'ovirt-register-sso-client-tool'
select * from sso_clients;
3 | *test* | [encoded value omitted] |
http://172.30.39.176:9090/api/auth/sso | /root/ssl/ssl/certificate.pem | | oVirt Engine Client | | openid ovirt-app-portal ovirt-app-admin ovirt-app-api ovirt-ext=auth:identity ovirt-ext=token:password-access ovirt-ext=auth:sequence-priority ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=revoke:revoke-all | t | TLS | f | t
I will store this sso_client information in my application too.
2) Is it possible to use *JUST* this 'client_id' and 'client_secret' to
communicate from my application to oVirt instead of oVirt token?
I mean like My_Application ---> (using client id - test) oVirt API
I don't think so; the client id/secret is used only to authenticate the OIDC
client to the OIDC server, and not the real client to the application using
SSO. But I'm leaving the final answer to this question to Ravi; he is our
expert on OIDC. Ravi?
Thanks,
Hari
On Wed, Jul 4, 2018 at 5:32 PM, Martin Perina <mperina(a)redhat.com> wrote:
>
>
> On Wed, Jul 4, 2018 at 1:54 PM, Hari Prasanth Loganathan <
> hariprasanth.l(a)msystechnologies.com> wrote:
>
>> Okay Thanks Martin.
>> I already came across this blog, but I am curious whether there is any way
>> to point the authentication and authorization to my HTTP URL, so that I
>> don't have to depend on the oVirt token.
>>
>
> There's no way to replace oVirt SSO with a different implementation;
> you need to use the oVirt token.
>
> But other than relying on Apache you could also configure your
> application as OpenID Connect client to oVirt SSO similarly as it's
> described for Kibana/Elastic search integration:
>
>
> https://www.ovirt.org/blog/2017/05/openshift-openId-integration-with-engine-sso/
>
> Then you would have only single token for both your application and oVirt
>
>
>>
>>
>>
>>
>> On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina <mperina(a)redhat.com>
>> wrote:
>>
>>>
>>>
>>> On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
>>> hariprasanth.l(a)msystechnologies.com> wrote:
>>>
>>>> Hi Team,
>>>>
>>>> I want oVirt to point to my Authentication / Authorization HTTP URL,
>>>> so I modified the following property in
>>>> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>>>>
>>>>
>>>> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>>>> ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso"
>>>>
>>>> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>>>> SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/"
>>>>
>>>>
>>>
>>>> I verified in the log and found the following message :
>>>>
>>>> engine.log:2018-07-04 15:12:46,238+05 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is 'http://172.30.39.176:9090/api/auth/sso';.
>>>> engine.log:2018-07-04 15:12:46,244+05 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is 'http://172.30.39.176:9090/api/auth/';.
>>>>
>>>>
>>>> But it still does not point to my authentication URL. Is there any other
>>>> change we need to make to point the oVirt authentication to my HTTP URL?
>>>>
>>>
>>> Hi,
>>>
>>> what exactly are you trying to achieve? To change URL where engine is
>>> available or to replace existing oVirt SSO module with custom
>>> implementation? If the latter, then this is not supported.
>>>
>>> But if you need to configure additional authentication methods, for
>>> example Kerberos SSO or CAS, you can do this using a combination of Apache
>>> with relevant modules + ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc
>>> packages:
>>>
>>>
>>> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
>>> https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
>>> https://www.ovirt.org/blog/2016/04/sso/
>>>
>>> Regards
>>>
>>> Martin
>>>
>>>
>>>>
>>>> Thanks,
>>>> Hari
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Martin Perina
>>> Associate Manager, Software Engineering
>>> Red Hat Czech s.r.o.
>>>
>>
>>
>
>
> --
> Martin Perina
> Associate Manager, Software Engineering
> Red Hat Czech s.r.o.
>
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
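
Added example (not part of the thread and not oVirt project code): a small check that flags the kind of override shown in the original question, where both SSO URLs in 11-setup-sso.conf are pointed away from the engine's own SSO and onto plain HTTP. The key names and stock values come from the commented lines quoted in the thread; the function names, the `engine.example.test` FQDN and the later-line-wins parsing rule are assumptions.

```python
import re
from urllib.parse import urlsplit

# Stock values, as they appear commented out in the thread's 11-setup-sso.conf.
EXPECTED = {
    "ENGINE_SSO_AUTH_URL": "https://${ENGINE_FQDN}:443/ovirt-engine/sso",
    "SSO_ENGINE_URL": "https://${ENGINE_FQDN}:443/ovirt-engine/",
}
ASSIGN = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)=(?:"([^"]*)"|(\S*))\s*$')

# The settings quoted in the thread (stock lines commented, overrides active).
THREAD_CONF = '''\
#ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso"
#SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/"
'''

def effective_values(conf_text):
    """Last uncommented KEY=value per key (assumption: later lines win)."""
    values = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m:
            values[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return values

def audit_sso_conf(conf_text, engine_fqdn):
    """Return (key, issue) pairs for SSO URLs that leave the engine's own SSO."""
    findings = []
    for key, value in effective_values(conf_text).items():
        if key not in EXPECTED:
            continue
        want = urlsplit(EXPECTED[key].replace("${ENGINE_FQDN}", engine_fqdn))
        got = urlsplit(value.replace("${ENGINE_FQDN}", engine_fqdn))
        if got.scheme != "https":
            findings.append((key, "plaintext-scheme"))  # tokens sent unencrypted
        if got.hostname != want.hostname:
            findings.append((key, "foreign-host"))
        if got.path.rstrip("/") != want.path.rstrip("/"):
            findings.append((key, "unexpected-path"))
    return findings

if __name__ == "__main__":
    for key, issue in audit_sso_conf(THREAD_CONF, "engine.example.test"):
        print(f"{key}: {issue}")
```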